Hi,
What I'm trying to do is set up a Linux (Debian Sarge), Apache2, PHP, and PostgreSQL web server that will allow my users to "automagically" log on via Kerberos without a username/password prompt. User accounts are on a Windows 2000 AD Domain. I've got mod-auth-kerb installed and working under Apache - it seems to be working fine, I can get the automagic logon to work under Firefox and IE on Windows XP, and under Firefox on Linux if I do a kinit first. PostgreSQL is supposed to support Kerberos, and it does seem to work for the psql program on my Linux workstation (after kinit again). However, I cannot seem to do a pass-thru logon where a PHP script can automatically log on to Postgres with Kerberos after Apache successfully authenticated for the page with mod-auth-kerb.
I get the following error from PHP:
Warning: pg_connect(): Unable to connect to PostgreSQL server: Kerberos 5 authentication failed in /var/www/kerb/pgtest.php on line 15
And I get the following error from postgres's log:
2005-06-24 09:19:17 [19064] LOG: connection received: host=192.168.2.59 port=33091
2005-06-24 09:19:17 [19064] LOG: Kerberos recvauth returned error 103
postgres: Software caused connection abort from krb5_recvauth
2005-06-24 09:19:17 [19064] FATAL: Kerberos5 authentication failed for user "username"
Web server is 192.168.2.59, my Linux workstation is 192.168.2.32, Apache and PostgreSQL are both installed on the same server.
Does anyone know what I'm doing wrong, or has anyone gotten this to work?
Thanks,
Josh
Code:
Apache mod-auth-kerb config:
<Location /kerb>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbServiceName HTTP
    Krb5Keytab /etc/apache2/auth_kerb.keytab
    KrbAuthRealms MYDOMAIN.COM
    KrbMethodNegotiate on
    KrbSaveCredentials on
    KrbVerifyKDC on
    KrbMethodK5Passwd on
    require valid-user
</Location>
/etc/postgresql/pg_hba.conf snippet:
host all all 192.168.2.59 255.255.255.255 krb5
host all all 127.0.0.1 255.255.255.255 md5
host all all 192.168.2.32 255.255.255.255 krb5
host all username 192.168.2.0 255.255.255.0 md5
PHP Code:
<html>
<head>
<title>PostgreSQL PHP Test Page</title>
</head>
<body>
<h1>PostgreSQL PHP Test Page</h1>
<?php
// Point libpq at the credential cache saved by mod-auth-kerb (KrbSaveCredentials on).
putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
$str = "host=lamp.domain.com port=5432 dbname=MSDS"; // user=username" . $_SERVER["REMOTE_USER"] . " password=nopass";
print "<h2>$str</h2>";
$conn = pg_connect($str);
if ($conn) {
    print "<p>Connection Succeeded!</p>";
    // Pass the connection explicitly instead of relying on the implicit default.
    $rs = pg_query($conn, "SELECT * FROM categorylist");
    if ($rs) {
        print "<ul>";
        while ($row = pg_fetch_row($rs)) {
            // Escape database values before writing them into the page.
            print "<li>" . htmlspecialchars((string) $row[0]) . "</li>";
        }
        print "</ul>";
    }
    pg_close($conn);
} else {
    die("<p>Connection failed.</p>");
}
?>
</body>
</html>
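
A pre-flight check for the credential cache that the test page above passes to libpq through KRB5CCNAME, as an added example that is not part of the original post. The helper name `check_ccache` is hypothetical, and the temporary file at the end is constructed sample input standing in for a cache saved by `KrbSaveCredentials on`.

```php
<?php
// Added example (hypothetical helper, not from the original post).
// Inspects the credential cache named by KRB5CCNAME before pg_connect() uses it.
function check_ccache(array $server): array
{
    $cc = $server['KRB5CCNAME'] ?? '';
    if ($cc === '') {
        return ['KRB5CCNAME is not set for this request'];
    }
    if (preg_match('/^([A-Z0-9_]+):(.*)$/', $cc, $m)) {
        if ($m[1] !== 'FILE') {
            return ["cache type {$m[1]} cannot be inspected from PHP"];
        }
        $path = $m[2];
    } else {
        $path = $cc; // a bare path is treated as a FILE cache
    }
    if (!is_file($path)) {
        return ["cache file $path does not exist"];
    }
    $findings = [];
    clearstatcache(true, $path);
    if (!is_readable($path)) {
        $findings[] = "cache file $path is not readable by the PHP process";
    }
    if (filesize($path) === 0) {
        $findings[] = "cache file $path is empty (no tickets were saved)";
    }
    // The cache holds the user's tickets, so only the owner should have access.
    $mode = fileperms($path) & 0777;
    if ($mode & 0077) {
        $findings[] = sprintf('cache file mode %04o exposes tickets to other local users', $mode);
    }
    return $findings; // an empty array means the cache looks usable
}

// Constructed sample input: a temporary file stands in for the saved cache.
$tmp = tempnam(sys_get_temp_dir(), 'krb5cc_');
file_put_contents($tmp, 'constructed placeholder, not a real ccache');
chmod($tmp, 0644); // group/other readable
print_r(check_ccache(['KRB5CCNAME' => "FILE:$tmp"]));
chmod($tmp, 0600); // owner only
print_r(check_ccache(['KRB5CCNAME' => "FILE:$tmp"]));
print_r(check_ccache([])); // variable missing from the request environment
unlink($tmp);
```

In the test page, calling `check_ccache($_SERVER)` before `pg_connect()` separates a missing or unreadable cache from a failure that happens later in the Kerberos exchange with PostgreSQL.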