Hi all,
I am working on an intranet developed with PHP, using PostgreSQL as a backend, running on a couple of Linux boxes (one for web, one for database).
FYI, the versions I am using are:
- RedHat 7.3
- Apache 1.3.23
- PHP 4.1.2
- PostgreSQL 7.2.4
In my development version (everything in one - separate - server, same versions) I am trying to integrate Kerberos authentication, so that users can access the application using their Windows 2000 network account. After reading a lot, I was able to set up Kerberos authentication for PostgreSQL using the W2K domain as the Kerberos server, and I managed to do some simple PHP scripts opening persistent connections to the database using Kerberos authentication.
My problem now is that my actual application is frame-based, and it seems that the persistent connection works for one or two out of the four frames, and the others behave just as if the DB connection would not exist...
I *think* the problem has to do with how Apache + PHP handle the processes and the DB connections. Since I only want to do the actual login process (i.e. the form with login/password) once, and since for security reasons I prefer NOT to save the password anywhere (on a session variable or similar), then I require that all scripts are served by the same process which has the authentication with the database, and this is what seems not to be working...
I have configured Apache to use KeepAlive, and PHP to use persistent connections with a limit of 1 connection per child. I have also tried other configurations and the results are the same...
Any ideas (or even examples) on how to integrate a secure Kerberos authentication using Apache + PHP + PostgreSQL will be greatly appreciated.
Regards,
J.Cortina
Complex security environment
My question simplified
Ok, after some more tests, I could re-phrase my question:
Is it possible to force a client (i.e. each individual visitor) to use a specific (i.e. the same) Apache process?
I just changed my Apache configuration to have MaxClients = 1, and then everything works as expected, but otherwise Apache just opens processes as needed (serving even the same visitor with different processes) and then my database authentication which is valid in one process is not valid in the next.
Thanks
You wouldn't want to; if you did and had 20K users, that's 20K procs all taking up mem and proc time.
I don't think you would be able to sustain the model, from both a hardware point of view and code.
What about encrypting (simple/complex) your info and writing to a cookie/session, even though you don't want to do this, Apache isn't built for the model you require.
Regards,
Addition:
http://www.phpfreaks.com/postgresqlmanu ... thods.html
http://www.google.com/search?num=100&hl ... PostgreSQL
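One way to do what the reply suggests, as an added example (not code from the thread): encrypt the login credential with a random per-login key, keep the ciphertext in the server-side session and the key only in the browser's cookie, so any Apache child can rebuild the credential for its own connection while neither store alone holds it in usable form. It assumes PHP 7.2 or later with the sodium extension rather than the PHP 4.1.2 named above; the function names and demo values are hypothetical.

```php
<?php
// Added example. Assumes PHP >= 7.2 with ext-sodium; function names are hypothetical.

// At login: encrypt the credential under a fresh random key.
// The ciphertext stays server-side, the key leaves with the browser.
function seal_credential(string $password): array
{
    $key   = sodium_crypto_secretbox_keygen();
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($password, $nonce, $key);
    return [
        'session_blob' => base64_encode($nonce . $box), // store in $_SESSION
        'cookie_key'   => base64_encode($key),          // send as a Secure, HttpOnly cookie
    ];
}

// On every later request, in whichever Apache child serves it: rebuild the
// credential from the two halves. Returns null when a half is missing or
// malformed, or when authentication fails (tampered blob, wrong key).
function open_credential(?string $sessionBlob, ?string $cookieKey): ?string
{
    if ($sessionBlob === null || $cookieKey === null) {
        return null;
    }
    $raw = base64_decode($sessionBlob, true);
    $key = base64_decode($cookieKey, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || $key === false
        || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES
        || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed demo values, run from the CLI.
$sealed = seal_credential('constructed-demo-password');
// Matching halves: the credential round-trips.
var_dump(open_credential($sealed['session_blob'], $sealed['cookie_key']));
// Key from a different login: authentication fails, nothing is returned.
$otherKey = base64_encode(sodium_crypto_secretbox_keygen());
var_dump(open_credential($sealed['session_blob'], $otherKey));
```

Because the session store is shared by all Apache children, each frame's request can call `open_credential()` and open its own database connection, instead of depending on a connection that was authenticated in a different process.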