Discussion: Forwarding kerberos credentials

Forwarding kerberos credentials

From
Mark Gibson
Date:
Hi,
    I'm having intermittent problems connecting to my PostgreSQL database
from PHP, using Kerberos credentials forwarded from mod_auth_kerb.

- User authenticates via mod_auth_kerb,
   (either Basic or Negotiate HTTP authentication)

- Kerberos credentials are stored in a file that lives for the lifetime
   of the HTTP connection.

- PHP is passed a variable naming this file:
   $_SERVER['KRB5CCNAME']
   (eg. 'FILE:/tmp/krb5cc_apache_RcuW4s')

- Environment variable is set from PHP:
   putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");

- Connection to PostgreSQL is attempted from PHP:
   pg_connect("host=db.example.com dbname=krbtest user={$user}");

The trouble is that sometimes the connection works,
and sometimes it doesn't. It's very unpredictable. :(

Connecting with psql/kerberos works every time!

Does anyone have an idea of what could cause this?
Has anyone else tried this connection method and got it to work?

Tested on:
RedHat Enterprise Linux 3 & Gentoo Linux
Apache 2.0.46 & 2.0.49 (prefork)
mod_auth_kerb 5.0-rc5 & rc6
PHP 4.3.8
PostgreSQL 7.4.3
MIT KerberosV5 libs 1.3.3 & 1.3.4

Here is the test script I used:

<?php
    $m = array();
    # Remove kerberos realm from username
    if (preg_match('#^(.+?)[/@]#', $_SERVER['REMOTE_USER'], $m)) {
        $user = $m[1];
    } else {
        $user = 'guest';
    }

    echo "\nPID: ", getmypid(), "\n";

    putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");

    $cmd = "/usr/bin/klist";

    echo "\n{$cmd}:\n";
    passthru($cmd);

    $connstr = "host=db.example.com dbname=krb user={$user}";

    echo "\nConnection String:\n{$connstr}\n\n";

    $db = pg_connect($connstr);

    $res = pg_query($db,"SELECT current_user, session_user;");

    print_r(pg_fetch_all($res));

    pg_close($db);
?>

Cheers
--
Mark Gibson <gibsonm |AT| cromwell |DOT| co |DOT| uk>
Web Developer & Database Admin
Cromwell Tools Ltd.
Leicester, England.
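
A pre-flight check for the forwarded credential cache described in the steps above, as an added example that is not part of the original post: before KRB5CCNAME is exported for libpq, it verifies that the named cache is a regular, non-empty, owner-only file belonging to the current process user. The helper name ccache_problems() and the sample file are assumptions constructed for illustration; the check reports the state of the cache file only and does not identify the cause of the failures reported in this thread.

```php
<?php
// Added example: validate a forwarded FILE: credential cache before use.
// ccache_problems() is a hypothetical helper, not part of PHP or mod_auth_kerb.
function ccache_problems(string $ccname): array
{
    // The post shows names of the form FILE:/tmp/krb5cc_apache_RcuW4s
    if (!preg_match('#^FILE:(/.+)$#', $ccname, $m)) {
        return ["not a FILE: cache with an absolute path: {$ccname}"];
    }
    $path = $m[1];
    clearstatcache(true, $path);          // avoid stale stat() results
    $problems = [];
    if (is_link($path)) {
        $problems[] = "cache path is a symlink";
    }
    if (!is_file($path)) {
        $problems[] = "cache file does not exist";
        return $problems;
    }
    if (!is_readable($path)) {
        $problems[] = "cache file is not readable by this process";
    }
    $mode = fileperms($path) & 0777;
    if ($mode & 0077) {                   // tickets readable by group/other
        $problems[] = sprintf("cache mode %04o is not owner-only", $mode);
    }
    if (function_exists('posix_geteuid') && fileowner($path) !== posix_geteuid()) {
        $problems[] = "cache is not owned by the current process user";
    }
    if (filesize($path) === 0) {
        $problems[] = "cache file is empty";
    }
    return $problems;
}

// Constructed sample: a stand-in file so the example runs offline.
$sample = tempnam(sys_get_temp_dir(), 'krb5cc_demo_');
file_put_contents($sample, "constructed placeholder, not a real ccache");

chmod($sample, 0600);
print_r(ccache_problems("FILE:{$sample}"));   // case: owner-only file
chmod($sample, 0644);
print_r(ccache_problems("FILE:{$sample}"));   // case: world-readable file
print_r(ccache_problems("MEMORY:demo"));      // case: non-FILE cache type
unlink($sample);
print_r(ccache_problems("FILE:{$sample}"));   // case: file already removed

// Assumed usage in the request: export the name only when the list is empty,
// e.g. if (!ccache_problems($cc)) { putenv("KRB5CCNAME={$cc}"); }
```

Logging the returned list together with getmypid() for each request gives a record of the cache state to compare between requests that connect and requests that fail.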

Re: Forwarding kerberos credentials

From
Mark Gibson
Date:
Mark Gibson wrote:
> Hi,
>    I'm having intermittent problems connecting to my PostgreSQL database
> from PHP, using Kerberos credentials forwarded from mod_auth_kerb.
[snip]
> The trouble is that sometimes the connection works,
> and sometimes it doesn't. It's very unpredictable. :(

Oh, I forgot to mention, PostgreSQL logs the following error:

   Kerberos recvauth returned error 103

I've searched kerberos errors to find that code 103 isn't defined!

> Tested on:
> RedHat Enterprise Linux 3 & Gentoo Linux
> Apache 2.0.46 & 2.0.49 (prefork)
> mod_auth_kerb 5.0-rc5 & rc6
> PHP 4.3.8
> PostgreSQL 7.4.3
> MIT KerberosV5 libs 1.3.3 & 1.3.4

...and the KDC is on a Windows 2003 Server
(I have no control over this)

--
Mark Gibson <gibsonm |AT| cromwell |DOT| co |DOT| uk>
Web Developer & Database Admin
Cromwell Tools Ltd.
Leicester, England.