On 6/7/07, Steve Webb <[EMAIL PROTECTED]> wrote: > *Q. Can Kerberos be used to authenticate users and a php script then given > access to a users username in order to authorize privilidges??* > > >From my reading I believe that using the mod_auth_kerb module for Apache in > Negotiation mode may be the best bet for my needs but am hoping to confirm > whether or not a php script on the same apache server can gain access to the > users username in order to ascertain roles from a database, where I am quite > happy to duplicate usernames if need be.
mod_auth_kerb works great in the right conditions. You must be using IE or a newer Firefox. Linux works great (not sure about other Unix systems). On Windows the two browsers can only acquire credentials from the LSA which means the workstation needs to be joined to a domain, I believe. >From the server side, when Apache authenticates a user, it sets the environment variable REMOTE_USER to the full principal name, so PHP can get it from $_SERVER['REMOTE_USER']. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos