Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:21301
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 11296 invoked by uid 1010); 21 Dec 2005 13:05:41 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 11281 invoked from network); 21 Dec 2005 13:05:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Dec 2005 13:05:40 -0000
X-Host-Fingerprint: 84.56.30.230 dslb-084-056-030-230.pools.arcor-ip.net  
Received: from ([84.56.30.230:18575] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id D2/4A-14561-32359A34 for <internals@lists.php.net>; Wed, 21 Dec 2005 08:05:39 -0500
To: internals@lists.php.net,mba2000@ioplex.com (Michael B Allen)
Date: Wed, 21 Dec 2005 14:06:13 +0100
Message-ID: <20051221140613.6e967471@localhost.localdomain>
In-Reply-To: <20051221035606.18815a25.mba2000@ioplex.com>
References: <20051221005926.4c8ad254.mba2000@ioplex.com>
	<4e89b4260512202258j47f6745foe3b3f4d493b6cbba@mail.gmail.com>
	<20051221035606.18815a25.mba2000@ioplex.com>
Reply-To: pierre.php@gmail.com
X-Newsreader: Sylpheed-Claws 1.9.14 (GTK+ 2.8.6; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Posted-By: 84.56.30.230
Subject: Re: [PHP-DEV] Maintaining State Across Requests / An SSO Extension
From: pierre.php@gmail.com (Pierre)

On Wed, 21 Dec 2005 03:56:06 -0500
mba2000@ioplex.com (Michael B Allen) wrote:

> On Wed, 21 Dec 2005 01:58:41 -0500
> Wez Furlong <kingwez@gmail.com> wrote:
> 
> > Just curious, why aren't you writing this as an apache module?
> > 
> > Is this of any use; it seems a bit dated, but could save you some
> > effort:
> > http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
> 
> Well for one, mod_auth_gss_krb5 only does authentication. My *real*
> product is Windows integration libraries for non-Windows environments
> (i.e. LAMP). So, for example, this SSO module is going to include
> Windows authorization functionality for integration with AD. Meaning
> the developer can restrict content based on group membership of
> groups defined in an AD domain:

There is already some NTLM modules for apache. A php version will may
be available in PEAR. NTLM is what you are trying to achieve, or a part
of it. Single Sign On is another problem, and can be done with various
auth mechanisms. Are you implementing SSO as well? :)

--Pierre