NYCPHP Meetup

NYPHP.org

[nycphp-talk] IE Integrated Security + PHP

billy reisinger billy.reisinger at gmail.com
Tue Nov 29 09:27:39 EST 2005


Dear Jeof -
You'll have to excuse me if I don't understand the problem correctly... I
think that you could use sessions for this purpose (
http://us2.php.net/session).  You can store the username and (one-way
encrypted) password in a user's session, along with a unix timestamp
indicating the time he/she logged in.  You can then authenticate those
against a db from any number of different domains.   I think it is even
possible for multiple web servers to share the same user sessions (though
I'm not sure how that is done).  If you can't share sessions between
servers, then you can at least create a database table to act like a
session, with records that expire after a pre-determined time.  It's not MS
Integrated Security, so it might not be what you are looking for - but it is
a widely-used authentication method (certainly works for me).

Cheers,


--
Billy Reisinger
billy.reisinger at gmail.com
410.736.0148

On 11/28/05, Jeof Oyster <joyster at headwaycorp.com> wrote:
>
> Has anyone ever tried to integrate MS Integrated Security with a PHP
> site? Here's the scenario:
>
> Internally, we have several sites on different domains for different
> things (like our help desk, our intranet, our CRM software, etc). Usually,
> users have to log into each site using their network credential, however,
> through a Kerberos set up, we are using Integrated Security in Microsoft and
> IE,  so that when a user who is already authenticated on the network goes
> to one of these sites, the Integrated Security / Kerberos set up recognizes
> them and does not force them to log in again.
>
> Now, I plan on redeveloping our Intranet website using PHP, and plan on
> building applications that would require user authentication (basically -
> just the username). I want to be able to "sense" what user is logged in
> through Integrated Security and use THAT user name  (all the peons'
> computers are forced to use IE) . If it were a cookie then PHP would
> automatically sense that, of course, but Integrated Security is something
> different, we think (my techs seem to be unsure how it actually works, or
> they were too busy to give me a full answer).
>
> Any idea if Integrated Security says anything to the website about the
> user's presence so that I can grab it with PHP, rather than having to have
> the user re-enter their username or full credential?
>
> *Jeof Oyster
> **System Analyst / Information &Technology Office
> *Phone: 212-672-6683
> Fax:  215-975-6683 (efax)
> Email: joyster at headwaycorp.com
>
> http://www.headwaycorp.com
>
>
> **********************************************************************
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you received
> this in error, please contact the sender and delete the material from any
> computer.
> **********************************************************************
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20051129/f2b95fa4/attachment.html>


More information about the talk mailing list