robin/smb
1
0
Fork 0
mirror of https://codeberg.org/icewind/SMB.git synced 2026-06-03 17:24:07 +02:00
Code Issues Projects Releases Packages Wiki Activity

update README

Browse source
This commit is contained in:
Robin Appelman 2023-08-09 17:17:32 +02:00
commit 530235b2d2
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -65,19 +65,20 @@ $server = $serverFactory->createServer('localhost', $auth);
By re-using a client ticket you can create a single sign-on setup where the user authenticates against By re-using a client ticket you can create a single sign-on setup where the user authenticates against
the web service using kerberos. And the web server can forward that ticket to the smb server, allowing it the web service using kerberos. And the web server can forward that ticket to the smb server, allowing it
to act on the behalf of the user without requiring the user to enter his passord. to act on the behalf of the user without requiring the user to enter his password.
The setup for such a system is fairly involved and requires roughly the following this The setup for such a system is fairly involved and requires roughly the following this
- The web server is authenticated against kerberos with a machine account - The web server is authenticated against kerberos with a machine account
- Delegation is enabled for the web server's machine account - Delegation is enabled for the web server's machine account
- Apache is setup to perform kerberos authentication and save the ticket in it's environment - The web server is setup to perform kerberos authentication and save the ticket in it's environment
- Php has the krb5 extension installed - Php has the krb5 extension installed
- The client authenticates using a ticket with forwarding enabled - The client authenticates using a ticket with forwarding enabled
```php ```php
$serverFactory = new ServerFactory(); $serverFactory = new ServerFactory();
$auth = new KerberosApacheAuth(); $auth = new KerberosAuth();
$auth->setTicket(KerberosTicket::fromEnv());
$server = $serverFactory->createServer('localhost', $auth); $server = $serverFactory->createServer('localhost', $auth);
``` ```