Re: client authentication towards postgresql in php?

From: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>(by way of Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>)
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-php(at)postgresql(dot)org
Subject: Re: client authentication towards postgresql in php?
Date: 2003-11-12 10:26:03
Message-ID: 20031112112603.1eb5d786.struck.d@retrovirology.lu
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-php

On Tue, 11 Nov 2003 12:47:52 -0600
Bruno Wolff III <bruno(at)wolff(dot)to> wrote:

> If you trust the host the php/web server runs on you may be able to use
> trust authentication. If you don't trust all of the users on that host
> then you can use ident authentication, though if the db server and php/web
> server aren't the same host using identd may slow things down too much.

The web application, which will make the connection to the database, is normally running under the user apache, so I don't think I could use the ident method?

I have found this interesting info:

"The goal of the Negotiateauth project is to create an plugin for the Mozilla browser supporting the HTTP Negotiate authentication method. Main motivation is to add support for the Kerberos mechanism and use Kerberos tickets for user's authentication instead of their password. This way the user's Kerberos password will no longer be transfered to the web server. More information on the use of Negotiate method in Mozilla and Apache can be found at http://meta.cesnet.cz/software/heimdal/negotiate.en.html."

So maybe I could authenticate every user at the client machines with kerberos, and pass the kerberos ticket with this method to apache, who will pass it to php, which does use it to connect to postgresql.

Would now be interesting to know if I can authenticate to a Kerberos server with a smartcard.

--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck(dot)d(at)retrovirology(dot)lu

In response to

Responses

Browse pgsql-php by date

  From Date Subject
Next Message Daniel Struck 2003-11-12 10:53:11 Re: client authentication towards postgresql in php?
Previous Message Bruce Momjian 2003-11-12 03:52:55 Re: Support for prepared queries