mod_ssl & kerberos ?

mod_ssl & kerberos ?

am 10.11.2003 12:58:33 von Daniel Struck

Hello,


I want to ask if the following setup is possible:


Clients will be authenticated towards apache with x509 certificates (mod_ss=
l).

Would it now be possible to give authenticated clients a kerberos ticket wh=
ich could be read out in php/perl?
I would like to use this ticket to authenticate the client towards a databa=
se like postgresql.

(Background: In my web application a use postgresql, where I will write rul=
es which automatically log certain actions of the client like update or del=
ete queries. So I do need every client to be loged in the database with a d=
ifferent name, but I don't want to store the usernames & userpasswords in a=
file accessible to php, nor do I want to do the logging in php. I want to =
move as much logic as possible to the database, which will make it easier i=
n future to change the interface from php to java for example.)


Best regards,

Daniel Struck

--=20
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barbl=E9
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck.d@retrovirology.lu
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl & kerberos ?

am 11.11.2003 22:23:49 von Mads Toftum

On Mon, Nov 10, 2003 at 12:58:33PM +0100, Daniel Struck wrote:
> Hello,
>
>
> I want to ask if the following setup is possible:
>
>
> Clients will be authenticated towards apache with x509 certificates (mod_ssl).
>
> Would it now be possible to give authenticated clients a kerberos ticket which could be read out in php/perl?
> I would like to use this ticket to authenticate the client towards a database like postgresql.
>
I imagine something like http://modauthkerb.sourceforge.net/ along
with SSLOptions +FakeBasicAuth could do the trick (YMMV - I don't know
enough about Kerberos to know wether that type of usernames would be
a problem).

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

vh

Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org