Automagic Kerberos/LDAP integration on Apache - Kerberos


Thread: Automagic Kerberos/LDAP integration on Apache

  1. Automagic Kerberos/LDAP integration on Apache

    Hi all,

    This might be somewhat off topic, so if the admins nuke it I won't be
    offended, but I'm not quite sure where else to post it, and people who
    use Kerberos might be interested.

    I'm in the process of writing an automagical
    Authorization/Authentication module for PHP to work with Kerberos and
    LDAP, and I'm curious to know if it would be worth putting it up on
    sourceforge, and if anyone else would use it.

    The module requires http://sourceforge.net/projects/modauthkerb , and
    uses this to get a string describing the connecting user. From this, it
    guesses the DNS domain, queries that domain for SRV
    records for LDAP servers, and talks to those LDAP servers for user
    information. Because this is all automagic, no configuration is
    required. Currently it only supports RFC 2307 LDAP schema, although
    patches for anything that supports the LDAP protocol would be awesome;

    So from the current setup it does something like this;

    edward@EXAMPLE.COM
    => DNS example.com
    => LDAP branch: dc=example,dc=com
    => LDAP servers: Query SRV _ldaps._tcp.dlconsulting.com &
    _ldap._tcp.dlconsulting.com

    It will attempt to connect to each of the LDAP servers in turn, until it
    finds something that knows about the user specified in the initial
    Kerberos principal. You can then query the module for information about
    the user, the groups it's in, information about those groups, and
    information about other users.

    Effort has gone into avoiding more round trips than necessary, and in
    the future I'll look into doing local caching.

    The current version runs. It's not pretty, but it's a complete rewrite
    from my original ugly as hell prototype into a nice happy PHP5 object.

    Would anyone else find this useful? I've got authorization from my boss
    to share this under the GPL if anyone would care.

    Regards
    Edward Murrell
    edward@dlconsulting.com
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos
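
The lookup chain described in the post above, as an added example that is not part of the original post or the author's module. Function names, the SRV sample records and the rule that drops out-of-domain targets are assumptions made here; it needs PHP 8 with ext/ldap.

```php
<?php
// Added example; function names and sample data are constructed, not the module's.

// Split "user@REALM" into [user, DNS domain]. Anything else is rejected, so
// instance or host principals never reach DNS or an LDAP filter.
function parsePrincipal(string $principal): array {
    $re = '/^([A-Za-z0-9._-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$/D';
    if (!preg_match($re, $principal, $m)) {
        throw new InvalidArgumentException('unsupported principal');
    }
    return [$m[1], strtolower($m[2])];
}

// example.com -> dc=example,dc=com (labels were validated above).
function baseDn(string $domain): string {
    return 'dc=' . implode(',dc=', explode('.', $domain));
}

// Order SRV answers (dns_get_record() layout): LDAPS first, then by priority.
// Targets outside the derived domain are dropped (policy assumed here).
function serverUris(string $domain, array $ldaps, array $ldap): array {
    $uris = [];
    foreach (['ldaps' => $ldaps, 'ldap' => $ldap] as $scheme => $records) {
        usort($records, fn($a, $b) => $a['pri'] <=> $b['pri']);
        foreach ($records as $r) {
            $target = strtolower(rtrim($r['target'], '.'));
            if (str_ends_with($target, '.' . $domain)) {
                $uris[] = "$scheme://$target:{$r['port']}";
            }
        }
    }
    return $uris;
}

// RFC 2307 account lookup; ldap_escape() keeps the name a literal value.
function userFilter(string $user): string {
    return '(&(objectClass=posixAccount)(uid='
        . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
}

// Constructed input: the principal from the post and made-up SRV answers.
[$user, $domain] = parsePrincipal('edward@EXAMPLE.COM');
$ldaps = [['pri' => 10, 'port' => 636, 'target' => 'ldap2.example.com'],
          ['pri' => 0,  'port' => 636, 'target' => 'ldap1.example.com']];
$ldap  = [['pri' => 0,  'port' => 389, 'target' => 'ldap.elsewhere.test']];

echo "SRV names: _ldaps._tcp.$domain, _ldap._tcp.$domain\n";
echo 'Base DN:   ', baseDn($domain), "\n", 'Filter:    ', userFilter($user), "\n";
echo implode("\n", serverUris($domain, $ldaps, $ldap)), "\n";
```

SRV answers come from DNS, which is unauthenticated unless DNSSEC-validated, so the server certificate check on the LDAPS connection is what actually ties the directory to the realm.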


  2. Re: Automagic Kerberos/LDAP integration on Apache

    I would care quite a lot, and likely contribute.

    --
    Sean Myers
    System Administrator
    American Research Institute
    (919) 228-4961


    Edward Murrell wrote:
    > Hi all,
    >
    > This might be somewhat off topic, so if the admins nuke it I won't be
    > offended, but I'm not quite sure where else to post it, and people who
    > use Kerberos might be interested.
    >
    > I'm in the process of writing an automagical
    > Authorization/Authentication module for PHP to work with Kerberos and
    > LDAP, and I'm curious to know if it would be worth putting it up on
    > sourceforge, and if anyone else would use it.
    >
    > The module requires http://sourceforge.net/projects/modauthkerb , and
    > uses this to get a string describing the connecting user. From this, it
    > guesses the DNS domain, queries that domain for SRV
    > records for LDAP servers, and talks to those LDAP servers for user
    > information. Because this is all automagic, no configuration is
    > required. Currently it only supports RFC 2307 LDAP schema, although
    > patches for anything that supports the LDAP protocol would be awesome;
    >
    > So from the current setup it does something like this;
    >
    > edward@EXAMPLE.COM
    > => DNS example.com
    > => LDAP branch: dc=example,dc=com
    > => LDAP servers: Query SRV _ldaps._tcp.dlconsulting.com &
    > _ldap._tcp.dlconsulting.com
    >
    > It will attempt to connect to each of the LDAP servers in turn, until it
    > finds something that knows about the user specified in the initial
    > Kerberos principal. You can then query the module for information about
    > the user, the groups it's in, information about those groups, and
    > information about other users.
    >
    > Effort has gone into avoiding more round trips than necessary, and in
    > the future I'll look into doing local caching.
    >
    > The current version runs. It's not pretty, but it's a complete rewrite
    > from my original ugly as hell prototype into a nice happy PHP5 object.
    >
    > Would anyone else find this useful? I've got authorization from my boss
    > to share this under the GPL if anyone would care.
    >
    > Regards
    > Edward Murrell
    > edward@dlconsulting.com
