[horde] Horde 3.1.3 and Kerberos auth

Torsten Becker t.becker at nc-world.de
Tue Nov 13 08:13:38 UTC 2007


Hi,

I changed the line in php.ini file to:

extension=libphpkrb5.so

After a restart of Apache the Webinterface of Horde does not show a error message. 
But I am prompted to give username and password. Login with username/password is ok.

Putting the Browser to krb5.php to test if it can get the rignt username/password from cerberos gives me an OK.

I have strace'd another tool (/usr/bin/krb5test) and can see that this tool can connect to my cerberos server.
But this tools gives me no feedback. There should be a 0 for OK and some other belonging to the error.
 
The Logfile stays to show this messages:

Nov 13 08:56:01 HORDE [emergency] [] Auth_krb5: Required krb5 extension not found. [on line 52 of "/usr/share/horde3/lib/Horde/Auth/krb5.php"]
Nov 13 08:57:01 HORDE [emergency] [] Auth_krb5: Required krb5 extension not found. [on line 52 of "/usr/share/horde3/lib/Horde/Auth/krb5.php"]
Nov 13 08:58:01 HORDE [emergency] [] Auth_krb5: Required krb5 extension not found. [on line 52 of "/usr/share/horde3/lib/Horde/Auth/krb5.php"]
Nov 13 08:59:01 HORDE [emergency] [] Auth_krb5: Required krb5 extension not found. [on line 52 of "/usr/share/horde3/lib/Horde/Auth/krb5.php"]
Nov 13 09:00:01 HORDE [emergency] [] Auth_krb5: Required krb5 extension not found. [on line 52 of "/usr/share/horde3/lib/Horde/Auth/krb5.php"]

This messages appears once every minute.





Michael Herde schrieb:
> Hi there,
>
> have you tried ldd to check out the dependencies of the php4 module ? Is the
> cerberos library mentioned there ? Is the php4 module the apache uses  
> the same that you compiled ? These are questions i would ask to fix  
> the problem.
>   
horde:~# ldd /usr/lib/php4/20050606+lfs/libphpkrb5.so
        linux-gate.so.1 =>  (0xb7f8a000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7f04000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7edf000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7edc000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7da8000)
        libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7d94000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7d8f000)
        /lib/ld-linux.so.2 (0x80000000)

phpinfo() gives this output for krb5:

krb5 support 	enabled


Validate kerberos5 login. Usage krb5_login(user, password). Returns 
KRB5_OK if user and password match. Returns KRB5_BAD_PASSWORD if wrong 
password. Returns KRB5_BAD_USER if user invalid. Returns KRB5_NOTOK on 
error.



> Quoting Torsten Becker <t.becker at nc-world.de>:
>
>   
>> Is anyone using kerberos authentication with horde3? Perhaps with the
>> newer php5? Are there any hints for me?
>>     
>
> some years ago i compiled that cerberos module for php4. i had to  
> realize that that module was only misleadingly called a cerberos  
> module. It only tried to authenticate letting the cerberos server  
> check the login/password credentials and recieving true or false. But  
> unfortunatly it was not able to store the tickets afterwards. So it  
> would be only suitable for authentication and than you would have to  
> store the login/password credentials in the session as usual. Horde  
> would not be able to store the ticket instead in the session by using  
> that php module.
>
> Maybe i'm wrong - maybe the module was enhanced in the meantime. I  
> noticed the development stopped 2001 appr.
>
> We would have great demand for such a module here too. Our  
> authentication systems based upon cerberos.
>
>   
Is it possible for you to authenticate against cerberos without beeing 
asked for username/password in every module (mostly needed 
imp,ingo,turba,kronolith)?
I 'm searching for a groupware system that can handle this and thought 
horde would do the job. But I'm not fixed to Horde...

mfg
Torsten Becker




More information about the horde mailing list