Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:21304
Return-Path: <mba2000@ioplex.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 21377 invoked by uid 1010); 21 Dec 2005 18:11:10 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 21361 invoked from network); 21 Dec 2005 18:11:10 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Dec 2005 18:11:10 -0000
X-Host-Fingerprint: 66.220.1.142 li4-142.members.linode.com Linux 2.4/2.6
Received: from ([66.220.1.142:1742] helo=li4-142.members.linode.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 95/A6-14561-EBA99A34 for <internals@lists.php.net>; Wed, 21 Dec 2005 13:11:10 -0500
Received: from quark.foo.net (pcp09149068pcs.union01.nj.comcast.net [69.142.219.62])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(No client certificate requested)
	by li4-142.members.linode.com (Postfix) with ESMTP
	id F365342C29; Wed, 21 Dec 2005 13:11:05 -0500 (EST)
Date: Wed, 21 Dec 2005 13:06:20 -0500
To: Jani Taskinen <sniper@iki.fi>
Cc: kingwez@gmail.com, internals@lists.php.net
Message-ID: <20051221130620.3fd78143.mba2000@ioplex.com>
In-Reply-To: <Pine.LNX.4.61.0512211227220.27267@arfg.argcubovn.sv>
References: <20051221005926.4c8ad254.mba2000@ioplex.com>
	<4e89b4260512202258j47f6745foe3b3f4d493b6cbba@mail.gmail.com>
	<20051221035606.18815a25.mba2000@ioplex.com>
	<Pine.LNX.4.61.0512211227220.27267@arfg.argcubovn.sv>
X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Maintaining State Across Requests / An SSO Extension
From: mba2000@ioplex.com (Michael B Allen)

On Wed, 21 Dec 2005 12:27:39 +0200 (EET)
Jani Taskinen <sniper@iki.fi> wrote:

> 
>      So you're duplicating the ldap extension? :)

Yeah, you might be able to do it that way. But considering the Kerberos
ticket has the SIDs and LDAP would have to perform group expansion each
time I think a DCE/RPC SID lookup would be a little faster. Actually it
could be a lot faster if you do things like cache the SIDs since many
people would have the same ones.

Mike