On Sun, Dec 29, 2002 at 12:22:19AM +0100, Turbo Fredriksson wrote:
> >>>>> "Steve" == Steve Langasek <[EMAIL PROTECTED]> writes:
>
> Steve> On Sat, Dec 28, 2002 at 08:04:23PM +0100, Turbo Fredriksson
> Steve> wrote:
> >> Has anyone (heard of) something that can get me tickets, add
> >> and remove principals, change passwords etc from a PHP
> >> 'script'?
> >>
> >> I'd prefer not to go through external commands and/or scripts,
> >> but use a proper API. Searching for this on the web revealed
> >> nothing! This is the last attempt. If no one HERE knows
> >> anything, then it doesn't exist :)
>
> Steve> If it exists, it hasn't been announced for the benefit of
> Steve> others to download. Personally, I think you're much better
> Steve> off using external commands than trying to sanely expose
> Steve> the Kerberos API to the weakly-typed PHP.
>
> Now we're talking! This is exactly why I haven't already started to
> implement the API in PHP. I suspected that someone would object
> for some reason. I have no idea myself why this would be a bad idea,
> so please enlighten me (no pun or sarcasm intended!).

The only way to represent opaque pointers (something the Kerberos API deals heavily in) in PHP is as a 'reference' -- an integer offset into a lookup table for the specified object type. It's possible for a PHP extension to do runtime type checking of a reference to prevent segfaults, but the programmer really has no way to tell one type of reference from another within a PHP script: given that one may be working with ten or so opaque data types at a time in some portions of the KRB5 API, I don't relish the idea of trying to keep track of these in a weakly typed language; it lends itself to fragile code. Alternatively, you could only expose a limited number of specific, higher-level Kerberos functions to the PHP script, corresponding to common operations you're likely to perform; but at that point, I see little advantage to not simply wrapping the commandline tools, which have already been written.

I also think the number of PHP programmers in the world who could safely be trusted to not botch the security of a Kerberos extension is in the low double-digits (optimistically), so I don't imagine you'd get much help in coding such an extension.

-- 
Steve Langasek
postmodern programmer

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
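
The reference scheme described in the reply above (an integer offset into a lookup table, with the extension checking the type at run time), sketched in C as an added example that is not part of the original message and is not PHP's or Kerberos's own code. The names `res_register`, `res_fetch`, `res_release` and the type tags are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical resource table: not the Zend API and not libkrb5.
 * The tags stand in for opaque types an extension would hand to a script. */
enum res_type { RES_FREE = 0, RES_CONTEXT, RES_CCACHE, RES_PRINCIPAL };
struct res_slot { enum res_type type; void *ptr; };
#define RES_MAX 16
static struct res_slot res_table[RES_MAX];

/* Store a pointer; return the integer handle the script sees, or -1. */
int res_register(enum res_type type, void *ptr)
{
    if (type == RES_FREE || ptr == NULL)
        return -1;
    for (int h = 0; h < RES_MAX; h++) {
        if (res_table[h].type == RES_FREE) {
            res_table[h] = (struct res_slot){ type, ptr };
            return h;
        }
    }
    return -1;
}

/* Resolve a handle only if it is in range, live and of the expected type. */
void *res_fetch(int handle, enum res_type expected)
{
    if (handle < 0 || handle >= RES_MAX || expected == RES_FREE)
        return NULL;
    return res_table[handle].type == expected ? res_table[handle].ptr : NULL;
}

/* Free the slot so a stale handle stops resolving. */
void res_release(int handle)
{
    if (handle >= 0 && handle < RES_MAX)
        res_table[handle] = (struct res_slot){ RES_FREE, NULL };
}

int main(void)
{
    int ctx_obj = 0, cc_obj = 0;   /* constructed stand-ins for opaque objects */
    int ctx = res_register(RES_CONTEXT, &ctx_obj);
    int cc = res_register(RES_CCACHE, &cc_obj);
    printf("context handle %d as context: %s\n", ctx, res_fetch(ctx, RES_CONTEXT) ? "ok" : "rejected");
    printf("ccache handle %d as context: %s\n", cc, res_fetch(cc, RES_CONTEXT) ? "ok" : "rejected");
    res_release(ctx);
    printf("released handle %d: %s\n", ctx, res_fetch(ctx, RES_CONTEXT) ? "ok" : "rejected");
    return 0;
}
```

The type check keeps a wrong-type or stale handle from being dereferenced, but the script side still holds nothing except integers.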
