File: krb5.php

package info (click to toggle)
horde2 2.2.8-1sarge3
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 3,832 kB
  • ctags: 2,897
  • sloc: php: 12,784; sh: 954; sql: 149; makefile: 104; perl: 97; xml: 24; pascal: 6
file content (92 lines) | stat: -rw-r--r-- 2,652 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
<?php
/*
 * $Horde: horde/lib/Auth/krb5.php,v 1.1.2.6 2003/02/18 00:33:01 jan Exp $
 *
 * Copyright 2002-2003 Michael Slusarz <slusarz@bigworm.colorado.edu>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 */

Horde::functionCheck('krb5_login', true,
    'Auth_krb5: Required kerberos functions were not found.');

/**
 * The Auth_krb5 class provides an kerberos implementation of the Horde
 * authentication system.
 *
 * Kerberos must be correctly configured on your system for this class to
 * work correctly.
 * Additionally, this driver requires the 'krb5' PHP extension to be loaded.
 * The module can be downloaded here:
 *   http://bigworm.colorado.edu/phpkrb5/
 *
 * @author  Michael Slusarz <slusarz@bigworm.colorado.edu>
 * @version $Revision: 1.1.2.6 $
 * @since   Horde 2.2
 * @package horde.auth
 */
class Auth_krb5 extends Auth {

    /**
     * Hash containing connection parameters.
     *
     * @var array $params
     */
    var $params = array();


    /**
     * Constructs a new Kerberos permissions object.
     *
     * @param optional array $params  A hash containing connection parameters.
     */
    function Auth_krb5($params = array())
    {
        $this->setParams($params);
    }

    /**
     * Set parameters.
     *
     * @param array $params  The parameter hash.
     */
    function setParams($params)
    {
        $this->params = $params;
    }

    /**
     * Find out if a set of login credentials are valid.
     *
     * @param string $userID      The userID to check.
     * @param array $credentials  An array of login credentials.
     *                            For kerberos, this must contain a password
     *                            entry.
     *
     * @return boolean  Whether or not the credentials are valid.
     */
    function _authenticate($userID, $credentials)
    {
        if (!array_key_exists('password', $credentials)) {
            return false;
        }
        $result = krb5_login($userID, $credentials['password']);

        /* Results: KRB5_OK, KRB5_NOTOK, KRB5_BAD_PASSWORD, KRB5_BAD_USER */
        if ($result === KRB5_OK) {
            return true;
        } else {
            if ($result === KRB5_BAD_PASSWORD) {
                $this->_setAuthError(_("Bad kerberos password."));
            } elseif ($result === KRB5_BAD_USER) {
                $this->_setAuthError(_("Bad kerberos username."));
            } else {
                $this->_setAuthError(_("Kerberos server rejected authentication."));
            }
            return false;
        }
    }

}
?>