Hello, I am searching for a secure way to handle client authentication in php towards postgresql. Let me explain what I like to setup: Client will connect to the application via Apache. The authentication of the clients will be done over ssl and the certificates of the clients will be stored on smartcards. (I have written a small documentation how to setup this at www.opensc.org). Next I will read in the PHP application environment variables of apache to know if the user was correctly authenticated by apache. In postgresql I would like to create for every client a user. Purpose: automatically log every action like update/delete of users by rules without requiring scripts in php. The problem I have is to authenticate the client to postgresql. Of course I could save the passwords for the clients in a text file accessible by the php application, but I don't like the idea of this file lying around on the hard drive. I thought about using Kerberos in this setup, sort of: 1.apache authenticates the client (two way ssl with smartcards) 2. client receives a ticket from kerberos 3. which php could forward to postgresql. Is this possible? Maybe someone knows another secure way of authenticating users to postgresql in a web application? Best regards, Daniel Struck -- Retrovirology Laboratory Luxembourg Centre Hospitalier de Luxembourg 4, rue E. Barblé L-1210 Luxembourg phone: +352-44116105 fax: +352-44116113 web: http://www.retrovirology.lu e-mail: struck.d@xxxxxxxxxxxxxxxx
