generating keys from a web app(php) - Kerberos

This is a discussion on generating keys from a web app(php) - Kerberos ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I'm looking to see if anyone has any suggestions on how best to go about generating krb5 keys from a password(string_to_key) within a php based web application. the intent here is to extend ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: generating keys from a web app(php)

  1. generating keys from a web app(php)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello,

    I'm looking to see if anyone has any suggestions on how best to go about
    generating krb5 keys from a password(string_to_key) within a php based
    web application. the intent here is to extend our current account
    management software(which currently generates an md5 hash of the
    password and stores it in a database) to generate krb5 keys. The idea is
    that we currently do not have a central krb5 infrastructure, but are
    interested in being able to deploy one in the future. We currently
    require all users to change their passwords at regular intervals, and
    figured that if we started saving keys away now, then any time after the
    password change interval had elapsed, we could populate a krb5 kdc based
    on the key's we'd been saving.

    has anyone else done anything like this in php?

    - -Matt Andrews
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

    iD8DBQFGFnxKkX3rPT2XmPsRAhvVAJ9mnbTESpjj2mP8PM+ukn NXjolCqQCgkg8k
    P2bcxECd1qpat1S8FWEoie4=
    =BEpK
    -----END PGP SIGNATURE-----
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: generating keys from a web app(php)

    On Fri, 06 Apr 2007 09:58:50 -0700
    Matthew Andrews wrote:

    > I'm looking to see if anyone has any suggestions on how best to go about
    > generating krb5 keys from a password(string_to_key) within a php based
    > web application. the intent here is to extend our current account
    > management software(which currently generates an md5 hash of the
    > password and stores it in a database) to generate krb5 keys. The idea is
    > that we currently do not have a central krb5 infrastructure, but are
    > interested in being able to deploy one in the future. We currently
    > require all users to change their passwords at regular intervals, and
    > figured that if we started saving keys away now, then any time after the
    > password change interval had elapsed, we could populate a krb5 kdc based
    > on the key's we'd been saving.
    >
    > has anyone else done anything like this in php?


    I am not aware of any generic kerberos extension for PHP. We have a
    product that can do common things like set passwords and generate keytab
    files but I'm not sure it would help you (see sig).

    Why not deploy Kerberos but use it only to accept password changes from
    a bridge script in the old infrastructure. After some time, when you
    feel most or all of the passwords are set in both stores, migrate your
    applications to the new Kerberos infrastructure.

    Mike

    --
    Michael B Allen
    PHP Active Directory Kerberos SSO
    http://www.ioplex.com/
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread