Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-24-2005, 08:28 AM   #1
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Rep: Reputation: 16
Apache+PHP+PostgreSQL+Kerberos+Windows 2000 AD Automagic logon


What I'm trying to do is set up a Linux (Debian Sarge), Apache2, PHP, and PostgreSQL web server to will allow my users to "automagically" log on via Kerberos without a username/password prompt. User accounts are on a Windows 2000 AD Domain. I've got mod-auth-kerb installed and working under Apache - it seems to be working fine, I can get the automagic logon to work under Firefox and IE on Windows XP, and under Firefox on Linux if I do a kinit first. PostgreSQL is supposed to support Kerberos, and it does seem to work for the psql program on my Linux workstation (after kinit again). However, I cannot seem to do a pass-thru logon where a PHP script can automatically logon to Postgres with Kerberos after Apache successfully authenticated for the page with mod-auth-kerb.

I get the following error from PHP:
Warning: pg_connect(): Unable to connect to PostgreSQL server: Kerberos 5 authentication failed in /var/www/kerb/pgtest.php on line 15

And I get the following error from postgres's log:
2005-06-24 09:19:17 [19064] LOG: connection received: host= port=33091
2005-06-24 09:19:17 [19064] LOG: Kerberos recvauth returned error 103
postgres: Software caused connection abort from krb5_recvauth
2005-06-24 09:19:17 [19064] FATAL: Kerberos5 authentication failed for user "username"

Web server is, my Linux workstation is, Apache and PostgreSQL are both installed on the same server.

Does anyone know what I'm doing wrong, or has anyone gotten this to work?


Apache mod-auth-kerb config:
<Location /kerb>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbServiceName HTTP
    Krb5Keytab /etc/apache2/auth_kerb.keytab
    KrbAuthRealms MYDOMAIN.COM
    KrbMethodNegotiate on
    KrbSaveCredentials on
    KrbVerifyKDC on
    KrbMethodK5Passwd on
    require valid-user

/etc/postgresql/pg_hba.conf snippet:
host    all         all          krb5
host    all         all          md5
host    all         all          krb5
host    all         username       md5
PHP Code:
        <title>PostgreSQL PHP Test Page</title>
<h1>PostgreSQL PHP Test Page</h1>


$str " port=5432 dbname=MSDS"// user=username" . $_SERVER["REMOTE_USER"] . " password=nopass";

print "<h2>$str</h2>";

$conn pg_connect($str);
if (
$conn) {
"<p>Connection Succeeded!</p>";

$rs pg_query("SELECT * FROM categorylist");
        if (
$rs) {
                while (
$row pg_fetch_row($rs)) {
} else {
"<p>Connection failed.</p>");
Old 06-28-2005, 12:13 PM   #2
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Original Poster
Rep: Reputation: 16
I think I figured this out - it seems to work okay if I run PHP as CGI and not mod_php. I also had to logoff/logon my Windows XP PC once before it worked correctly from there - the Linux workstation worked right away.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache,PHP and PostgreSQL in a package Boby Linux - Software 1 03-29-2005 06:21 PM
Apache+Postgresql+PHP. reconfigure? vickr1z Linux - Newbie 2 08-23-2004 02:58 AM
Apache-php-postgresql-phppgadmin koswo Linux - Software 0 02-05-2004 06:05 AM
how to link apache+php+postgresql Sridhar Guntur Linux - General 3 01-09-2003 01:22 AM
Logon to a Windows 2000 domain jeucken Linux - Networking 3 10-04-2002 11:42 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:13 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration