Hi, I've been trying to Kerberize our Apache and PostgreSQL servers for our company's web applications. Goal: To connect from a PHP web app to a PostgreSQL database using the users credentials, so all authorization is managed via privileges within the database. Our IT dept has recently installed Windows 2003 Server to provide authentication & directories via Kerberos and LDAP. I've managed to configure Apache (2.0.49) to authenticate users using mod_auth_kerb (5.0-rc6), and also PostgreSQL (7.4.3) to use Kerberos. (Linux hosts use MIT KerberosV5 1.3.3 client libs, KDC is Windows 2003) mod_auth_kerb is configured with: KrbSaveCredentials on So in PHP (4.3.8) we end up with the variables: $_SERVER['REMOTE_USER'] (eg: 'gibsonm@xxxxxxxxxxxxxxx') $_SERVER['KRB5CCNAME'] (eg: 'FILE:/tmp/krb5cc_apache_tVFJCd') Even HTTP Negotiate works with Firefox/Linux (but not IE/XP yet!) :) But this is where I get stuck. How do I use the supplied credentials file to connect to PostgreSQL? In the PostgreSQL docs it says: (http://www.postgresql.org/docs/7.4/interactive/auth-methods.html#KERBEROS-AUTH) > If you use mod_auth_kerb from http://modauthkerb.sf.net and mod_perl > on your Apache web server, you can use AuthType > KerberosV5SaveCredentials with a mod_perl script. This gives secure > database access over the web, no extra passwords required. I'm assuming this is out of date, or has changed with mod_auth_kerb 5.0, and that the KrbSaveCredentials directive does this job instead. Is there any examples of this mod_perl script? Can the alleged mod_perl method be adapted to PHP? Has anyone got this to work? What are the alternatives to my goal stated above? Cheers -- Mark Gibson <gibsonm |AT| cromwell |DOT| co |DOT| uk> Web Developer & Database Admin Cromwell Tools Ltd. Leicester, England.
