Kerberos and Coldfusion

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Kerberos and Coldfusion

Puidokas, Eric
I am a student programmer for Michigan State's business college.

I have been asked to implement the university's Kerberos system with our
website.  However, the rest of the college is programmed using PHP and I
am using coldfusion, so I have no examples to work from.

 

Can you offer me any help on how to do this? Macromedia's website has
offered little  help.

 

Eric Puidokas

Web Programmer

Eli Broad College of Business

[hidden email]

 

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Kerberos and Coldfusion

Mark Montague
On Wed, 1 Jun 2005, Puidokas, Eric wrote:

> I am a student programmer for Michigan State's business college.
>
> I have been asked to implement the university's Kerberos system with our
> website.  However, the rest of the college is programmed using PHP and I
> am using coldfusion, so I have no examples to work from.

Getting and manipulating Kerberos tickets from within Cold Fusion is
probably a mistake, unless you need your Cold Fusion application to
access Kerberos-authenticated resources (such as file servers
or email servers) on behalf of the end user -- this can be quite
complicated.

If you instead just need to verify the user's identity for use
within your own Cold Fusion application, then I'd suggest letting
the web server handle all of the Kerberos authentication for
your application.  If you SSL protect your application (or just
certain pages) and require authentication then the web server
will ensure that the user is properly authenticated before your
Cold Fusion code is run.

I am not familiar with Microsoft IIS (maybe someone else can
provide assistance if that is what you are using), but if you
are running your Cold Fusion code under Apache then you
might want to look at mod_auth_gss_krb5 (available
at http://modgssapache.sourceforge.net/) or mod_auth_kerb
(available at http://modauthkerb.sourceforge.net/)

I hope this helps.

                Mark Montague
                LS&A Information Technology
                The University of Michigan
                [hidden email]

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos