Newsgroups: php.internals
Date: Wed, 21 Dec 2005 12:27:39 +0200 (EET)
From: sniper@iki.fi (Jani Taskinen)
To: Michael B Allen
Cc: Wez Furlong, internals@lists.php.net
Subject: Re: [PHP-DEV] Maintaining State Across Requests / An SSO Extension

So you're duplicating the ldap extension? :)

--Jani

On Wed, 21 Dec 2005, Michael B Allen wrote:

>
> On Wed, 21 Dec 2005 01:58:41 -0500
> Wez Furlong wrote:
>
>> Just curious, why aren't you writing this as an apache module?
>>
>> Is this of any use; it seems a bit dated, but could save you some effort:
>> http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
>
> Well for one, mod_auth_gss_krb5 only does authentication. My *real*
> product is Windows integration libraries for non-Windows environments
> (i.e. LAMP). So, for example, this SSO module is going to include Windows
> authorization functionality for integration with AD. Meaning the developer
> can restrict content based on group membership of groups defined in an
> AD domain:
>
>     $auth = sso_authenticate();
>     if (!sso_is_member($auth, "Authenticated Users")) {
>         header("Location: /login.php");
>         die("You are not authorized to access this content.");
>     }
>
>     ...
>
>     if (sso_is_member($auth, "FOONET\\Engineers")) {
>         echo "Engineers rule!";
>     } else if (sso_is_member($auth, "FOONET\\Consultants")) {
>         echo "Consultants rule!";
>     }
>
> Also I think there's also a lot of polish that can go into failing over to
> other authentication methods and redirecting to login pages and so on. You
> just can't do any of this well unless you're at the language level.
>
> Mike
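
For comparison with the sso_is_member() snippet quoted above, this is roughly what the same group gate looks like when the web server's Negotiate module does the authentication and PHP's stock ldap extension does the authorization lookup. It is an added example, not code from the thread or from the extension under discussion; the URI, realm, base DN, group DN and the LDAP_BIND_DN / LDAP_BIND_PW environment variables are assumptions.

```php
<?php
// Added example, not code from the thread. The URI, realm, base DN and group
// DN are hypothetical placeholders.
const LDAP_URI = 'ldaps://dc1.foonet.example';
const REALM    = 'FOONET.EXAMPLE';
const BASE_DN  = 'DC=foonet,DC=example';
// Active Directory "in chain" matching rule: follows nested group membership.
const IN_CHAIN = '1.2.840.113556.1.4.1941';

// Both values are escaped so neither can alter the structure of the filter.
function membership_filter(string $user, string $groupDn): string
{
    return sprintf(
        '(&(objectCategory=person)(sAMAccountName=%s)(memberOf:%s:=%s))',
        ldap_escape($user, '', LDAP_ESCAPE_FILTER),
        IN_CHAIN,
        ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER)
    );
}

// True only when the directory confirms membership; every error path denies.
function ldap_is_member(string $user, string $groupDn): bool
{
    $bindDn = getenv('LDAP_BIND_DN');   // assumed variable names for the
    $bindPw = getenv('LDAP_BIND_PW');   // service account credentials
    // A DN with an empty password is an unauthenticated bind that can succeed.
    if (!$bindDn || !$bindPw || ($ds = ldap_connect(LDAP_URI)) === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        return false;
    }
    $res = @ldap_search($ds, BASE_DN, membership_filter($user, $groupDn), ['dn'], 0, 2);
    $ok  = $res !== false && ldap_count_entries($ds, $res) === 1;
    ldap_unbind($ds);
    return $ok;
}

// Assumes the web server's Negotiate module set REMOTE_USER to "user@REALM".
[$user, $realm] = explode('@', $_SERVER['REMOTE_USER'] ?? '', 2) + ['', ''];
if ($user === '' || $realm !== REALM
    || !ldap_is_member($user, 'CN=Engineers,OU=Groups,' . BASE_DN)) {
    header('Location: /login.php');
    die('You are not authorized to access this content.'); // the header alone does not stop the script
}
echo 'Engineers rule!';
```

The realm comparison matters when cross-realm trusts exist: without it, a principal from another realm with the same short name would be looked up as the local account.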