FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Plugins and Code Hacks » Kerberos experiences?
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Kerberos experiences? [message #166333] Wed, 16 November 2011 18:29 Go to next message
max is currently offline  max
Messages: 1
Registered: November 2011
Karma: 0
Junior Member
I was wondering if anybody has any experience getting FUDForum to authenticate users via Kerberos? A preliminary search didn't turn up much on the forum or on the wiki.

I am open to rolling my own plugin of some sort -- my particular use case involves Kerberos authentication against an LDAP (Active Directory) user database -- but I was wondering first if anybody has already looked at Kerberos integration, or has any thoughts on how easy/hard it would be to implement.

Apparently there is an old phpBB plugin (now unmaintained) for single sign-on via Kerberos/LDAP (http://phpbb.com/community/viewtopic.php?f=70&t=1620325&p=9732515) -- that might be a reasonable place to start, as far as how to implement (ignoring all the phpBB-specific bits).
Re: Kerberos experiences? [message #166447 is a reply to message #166333] Tue, 13 December 2011 00:47 Go to previous messageGo to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
We have an LDAP plugin, but I don't think it supports Kerberos.
Have a look and let us know if you can re-use / update it to support Kerberos.
Re: Kerberos experiences? [message #166474 is a reply to message #166333] Sun, 18 December 2011 01:45 Go to previous message
ShineOn is currently offline  ShineOn   United States
Messages: 53
Registered: July 2011
Karma: 1
Member
max wrote on Wed, 16 November 2011 12:29
I was wondering if anybody has any experience getting FUDForum to authenticate users via Kerberos? A preliminary search didn't turn up much on the forum or on the wiki.

I am open to rolling my own plugin of some sort -- my particular use case involves Kerberos authentication against an LDAP (Active Directory) user database -- but I was wondering first if anybody has already looked at Kerberos integration, or has any thoughts on how easy/hard it would be to implement.

Apparently there is an old phpBB plugin (now unmaintained) for single sign-on via Kerberos/LDAP (http://phpbb.com/community/viewtopic.php?f=70&t=1620325&p=9732515) -- that might be a reasonable place to start, as far as how to implement (ignoring all the phpBB-specific bits).
Are you looking to authenticate users against AD, or are you looking for SSO capability, such that AD-authenticated users would automagically be authenticated to FUD using their logged-in identities?

Kerberizing a web application isn't all that simple. LDAP auth is relatively easy, but for the web app to do kerberos authentication it has to be able to talk to the KDC, so it needs to know the realm and has to be able to find the KDC. It needs a user ID in the realm that it can handle whatever Kerberos needs for the type of authentication you want to do, whether it's checking to see if a logged-in user has a valid ticket or it's obtaining a TGT so it can grant an auth ticket to the user.

If you're using Linux on the server side, there may be PAM modules that will help. You may need to use nsswitch. If you're using Apache, there is a kerberos authentication module that you might be able to leverage.

There are a lot of resources out there for how to kerberize a web site. Google is your friend. The trick is to find instructions that specifically speak to using MS Active Directory as the Kerberos KDC and LDAP server. Many will discuss using OpenLDAP and Heimdal or MIT Kerberos 5.

[Updated on: Sun, 18 December 2011 01:59]

Report message to a moderator

  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Patch needed $$ - forum subscription emails send from mail list address
Next Topic: Drupal CMS integration
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 21:11:30 GMT 2024

Total time taken to generate the page: 0.02369 seconds