LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 06-24-2005, 08:28 AM   #1
slacky
Member
 
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Rep: Reputation: 16
Apache+PHP+PostgreSQL+Kerberos+Windows 2000 AD Automagic logon


Hi,

What I'm trying to do is set up a Linux (Debian Sarge), Apache2, PHP, and PostgreSQL web server to will allow my users to "automagically" log on via Kerberos without a username/password prompt. User accounts are on a Windows 2000 AD Domain. I've got mod-auth-kerb installed and working under Apache - it seems to be working fine, I can get the automagic logon to work under Firefox and IE on Windows XP, and under Firefox on Linux if I do a kinit first. PostgreSQL is supposed to support Kerberos, and it does seem to work for the psql program on my Linux workstation (after kinit again). However, I cannot seem to do a pass-thru logon where a PHP script can automatically logon to Postgres with Kerberos after Apache successfully authenticated for the page with mod-auth-kerb.

I get the following error from PHP:
Warning: pg_connect(): Unable to connect to PostgreSQL server: Kerberos 5 authentication failed in /var/www/kerb/pgtest.php on line 15

And I get the following error from postgres's log:
2005-06-24 09:19:17 [19064] LOG: connection received: host=192.168.2.59 port=33091
2005-06-24 09:19:17 [19064] LOG: Kerberos recvauth returned error 103
postgres: Software caused connection abort from krb5_recvauth
2005-06-24 09:19:17 [19064] FATAL: Kerberos5 authentication failed for user "username"


Web server is 192.168.2.59, my Linux workstation is 192.168.2.32, Apache and PostgreSQL are both installed on the same server.

Does anyone know what I'm doing wrong, or has anyone gotten this to work?

Thanks,
Josh

Code:
Apache mod-auth-kerb config:
<Location /kerb>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbServiceName HTTP
    Krb5Keytab /etc/apache2/auth_kerb.keytab
    KrbAuthRealms MYDOMAIN.COM
    KrbMethodNegotiate on
    KrbSaveCredentials on
    KrbVerifyKDC on
    KrbMethodK5Passwd on
    require valid-user
</Location>

/etc/postgresql/pg_hba.conf snippet:
host    all         all                 192.168.2.59   255.255.255.255   krb5
host    all         all                 127.0.0.1          255.255.255.255   md5
host    all         all                 192.168.2.32   255.255.255.255   krb5
host    all         username   192.168.2.0      255.255.255.0       md5
PHP Code:
<html>
<head>
        <title>PostgreSQL PHP Test Page</title>
</head>
<body>
<h1>PostgreSQL PHP Test Page</h1>
<?php

putenv
("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");

$str "host=lamp.domain.com port=5432 dbname=MSDS"// user=username" . $_SERVER["REMOTE_USER"] . " password=nopass";

print "<h2>$str</h2>";

$conn pg_connect($str);
if (
$conn) {
        print 
"<p>Connection Succeeded!</p>";

        
$rs pg_query("SELECT * FROM categorylist");
        if (
$rs) {
                print 
"<ul>";
                while (
$row pg_fetch_row($rs)) {
                        print 
"<li>$row[0]</li>";
                }
                print 
"</ul>";
        }
        
pg_close($conn);
} else {
        die(
"<p>Connection failed.</p>");
}
?>
</body>
</html>
 
Old 06-28-2005, 12:13 PM   #2
slacky
Member
 
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Original Poster
Rep: Reputation: 16
I think I figured this out - it seems to work okay if I run PHP as CGI and not mod_php. I also had to logoff/logon my Windows XP PC once before it worked correctly from there - the Linux workstation worked right away.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache,PHP and PostgreSQL in a package Boby Linux - Software 1 03-29-2005 06:21 PM
Apache+Postgresql+PHP. reconfigure? vickr1z Linux - Newbie 2 08-23-2004 02:58 AM
Apache-php-postgresql-phppgadmin koswo Linux - Software 0 02-05-2004 06:05 AM
how to link apache+php+postgresql Sridhar Guntur Linux - General 3 01-09-2003 01:22 AM
Logon to a Windows 2000 domain jeucken Linux - Networking 3 10-04-2002 11:42 PM


All times are GMT -5. The time now is 05:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration