Skip site navigation (1) Skip section navigation (2)

Re: client authentication towards postgresql in php?

From: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>(by way of Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>)
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>,pgsql-php(at)postgresql(dot)org
Subject: Re: client authentication towards postgresql in php?
Date: 2003-11-12 10:26:03
Message-ID: 20031112112603.1eb5d786.struck.d@retrovirology.lu (view raw or flat)
Thread:
Lists: pgsql-php
On Tue, 11 Nov 2003 12:47:52 -0600
Bruno Wolff III <bruno(at)wolff(dot)to> wrote:

> If you trust the host the php/web server runs on you may be able to use
> trust authentication. If you don't trust all of the users on that host
> then you can use ident authentication, though if the db server and php/web
> server aren't the same host using identd may slow things down too much.

The web application, which will make the connection to the database, is normally running under the user apache, so I don't think I could use the ident method?


I have found this interesting info:

"The goal of the Negotiateauth project is to create an plugin for the Mozilla browser supporting the HTTP Negotiate authentication method. Main motivation is to add support for the Kerberos mechanism and use Kerberos tickets for user's authentication instead of their password. This way the user's Kerberos password will no longer be transfered to the web server. More information on the use of Negotiate method in Mozilla and Apache can be found at http://meta.cesnet.cz/software/heimdal/negotiate.en.html."

So maybe I could authenticate every user at the client machines with kerberos, and pass the kerberos ticket with this method to apache, who will pass it to php, which does use it to connect to postgresql.

Would now be interesting to know if I can authenticate to a Kerberos server with a smartcard.


-- 
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax:   +352-44116113
web: http://www.retrovirology.lu
e-mail: struck(dot)d(at)retrovirology(dot)lu

In response to

Responses

pgsql-php by date

Next:From: Daniel StruckDate: 2003-11-12 10:53:11
Subject: Re: client authentication towards postgresql in php?
Previous:From: Bruce MomjianDate: 2003-11-12 03:52:55
Subject: Re: Support for prepared queries

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group