tags:

views:

675

answers:

2
+1  Q: 

PHP Active Directory authentication with Kerberos

Hi,

I'm currently integrating a CMS (developed in PHP) authentication with Active Directory. This specific Active Directory only allows authentication through Kerberos, or ldaps:// (but this last one is not the most wanted since I'll have to use absolute paths).

I've been searching the web for anything about PHP AD Kerberos Authentication, but found nothing. Can anyone point me in the right direction?

Thanks in advance.

+1  A: 

Not freeware solution - google by 'Plexcel' keyword

Alexey Sviridov  2009-09-07 15:02:07
+2  A: 

If you are using Active Directory, its possible your webserver is IIS, which has inbuilt kerberos*.. then just let the browser & webserver handle the authentication and use some PHP like:

$user = isset($_SERVER['AUTH_USER']) ? $_SERVER['AUTH_USER'] : false; 
if((false === $user) or ('' == $user)){
//Divert to incorrect password page.. 
//MSIE typically tries three times, Kerb/NTLM/Plain
//FF will only try NTLM/Plain if configured for NTLM
//Chrome.. won't work with this at all.. not that I have discovered.
//If testing locally using Apache, user will be 0
}

Now you can do SSO using Kerberos, works a charm.

*: Called "Integrated Windows Authentication" http://support.microsoft.com/kb/324274 and must be enabled in browser by setting "Security Zone" to "Local Intranet".. which may happen if the IIS box is actually on the Local Intranet.. but it depends on the SPN and the domain the User's box and IIS box and any trust relationships.. if its on a single domain with the domain name/machine name the same it should work. If you are clustering or anything fun, expect a major headache, rather than just a normal headache. You can script/GPO the IE settings if you feel the need..

Hopefully you are asking about something else.. If I prayed it would be that you didn't implement this, it causes the whole authentication process for every single request.. which turns out slows down every page load.. no matter how many aggregations/hacks/workarounds you implement.. it was just a bad idea, but once you start or tell a manager about it, they really love it because it saves them having to login again.. oh, they will still complain about speed, but..

Grizly  2010-02-20 07:00:11

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases