Complex security environment
Posted: Thu Jun 12, 2003 10:00 am
Hi all,
I am working on an intranet developed with PHP, using PostgreSQL as a backend, running on a couple of Linux boxes (one for web, one for database).
FYI, the versions I am using are:
- RedHat 7.3
- Apache 1.3.23
- PHP 4.1.2
- PostgreSQL 7.2.4
In my development version (everything in one - separate - server, same versions) I am trying to integrate Kerberos authentication, so that users can access the application using their Windows 2000 network account. After reading a lot, I was able to set up Kerberos authentication for PostgreSQL using the W2K domain as the Kerberos server, and I managed to do some simple PHP scripts opening persistent connections to the database using Kerberos authentication.
My problem now is that my actual application is frame-based, and it seems that the persistent connection works for one or two out of the four frames, and the others behave just as if the DB connection did not exist...
I *think* the problem has to do with how Apache + PHP handle the processes and the DB connections. Since I only want to do the actual login process (i.e. the form with login/password) once, and since for security reasons I prefer NOT to save the password anywhere (on a session variable or similar), then I require that all scripts are served by the same process which has the authentication with the database, and this is what seems not to be working...
I have configured Apache to use KeepAlive, and PHP to use persistent connections with a limit of 1 connection per child. I have also tried other configurations and the results are the same...
Any ideas (or even examples) on how to integrate a secure Kerberos authentication using Apache + PHP + PostgreSQL will be greatly appreciated.
Regards,
J.Cortina
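A small model of the setup described in the post above, added here as an illustration and not part of the original post: Apache 1.3 children are separate processes, each with its own PHP persistent-connection cache, and KeepAlive binds a TCP connection (not a user) to one child. The frame names, PIDs, user name and the two parallel browser connections are assumptions made for the model.

```python
# Model only: all names and numbers are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Child:
    """One Apache prefork child: a separate process with its own PHP link cache."""
    pid: int
    pconnections: dict = field(default_factory=dict)  # user -> authenticated DB link

    def login(self, user):
        # The login form is handled here; the authenticated link exists only
        # in this process and is never shared with sibling children.
        self.pconnections[user] = f"dblink(pid={self.pid}, user={user})"

    def serve(self, user, frame):
        # A persistent-connection lookup can only find links this process opened.
        link = self.pconnections.get(user)
        return (frame, self.pid, "ok" if link else "no DB connection")


def load_frameset(children, user, frames, tcp_connections):
    """Serve each frame over one of the browser's parallel keep-alive connections.

    Assumption: connection i was accepted by children[i]; in reality any idle
    child may accept it, which is why the failures look intermittent.
    """
    results = []
    for i, frame in enumerate(frames):
        conn = i % tcp_connections  # browser spreads frames over its connections
        results.append(children[conn].serve(user, frame))
    return results


def demo(tcp_connections=2):
    children = [Child(pid) for pid in (101, 102, 103)]
    children[0].login("jdoe")  # the login request happened to reach child 101
    frames = ["menu.php", "header.php", "main.php", "footer.php"]
    return load_frameset(children, "jdoe", frames, tcp_connections)


if __name__ == "__main__":
    for frame, pid, status in demo():
        print(f"{frame:12} served by child {pid}: {status}")
```

With two parallel connections, only the frames that reach the child that handled the login find a database link; limiting PHP to one persistent connection per child does not change which child a request lands on.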