Communications Software
plexcel_status
plexcel_find_authorities_by_domain
plexcel_get_authority
plexcel_get_domain
plexcel_log
plexcel_preamble
plexcel_authenticate
plexcel_sso
plexcel_logon
plexcel_logoff
plexcel_accept_token
plexcel_is_member_of
plexcel_set_password
plexcel_change_password
plexcel_gen_service_keytab
plexcel_search_objects
plexcel_get_account
plexcel_add_object
plexcel_modify_object
plexcel_delete_object
plexcel_set_attrdefs
plexcel_get_attrdefs
plexcel_set_conv_attrdefs
plexcel_logon |
Printer Friendly Format |
Synopsis
bool plexcel_logon(resource $px,
string $ssn_id,
string $acctname,
string $password)
Description
The plexcel_logon function performs a manual logon using a session id, account name and password. This function exhibits significantly different behavior if the password supplied is NULL – see the Cached Credentials section below.
Note: It is recommended that general purpose web applications use the plexcel_preamble or possibly the plexcel_authenticate function instead. They provide higher-level, more feature-full interfaces.
The $px parameter is the Plexcel context resource being authenticated.
The $ssn_id is a string identifier that will be used as a logon session identifier. The string returned by the session_id function is a good candidate for this parameter.
The $acctname parameter is the name of the account being authenticated. Currently this parameter must be in the user principal name form (e.g. bcarter@example.com ).
The $password parameter is the password for the named account. This parameter may also be NULL – see the Cached Credentials section below.
Note: It is strongly recommended that https:// be used when submitting client credentials to the server in plain text.
Cached Credentials
If the $password parameter is NULL , the plexcel_logon function will attempt to locate a cached credential (a TGT) using the supplied $ssn_id as a key. If one is found, the Plexcel context resource is authenticated and TRUE is returned. If a cached credential is not found, plexcel_logon sets the plexcel_status to PLEXCEL_NO_CREDS and returns FALSE .
If the $password parameter is not NULL , the plexcel_logon function will attempt to perform a Kerberos AS-REQ authentication. If the authentication is successful, the resulting credential (the TGT) is cached using the supplied $ssn_id parameter as a key (for subsequent retrieval when $password is NULL as described above). If the authentication is unsuccessful, plexcel_logon returns FALSE in which case plexcel_status should be consulted.
The plexcel_logoff function should be called to destroy the user's cached credential.
Returns
The plexcel_logon function returns TRUE if the logon was successful and FALSE if it was not in which case plexcel_status should be consulted.
Example
This example uses plexcel_logon to get a credential and use it to access a Kerberos protected web page.
<?php
session_start();
require_once('../plexcel.php');
$url = 'http://www2.example.com/private.html';
$username = 'user@example.com';
$password = 'pass';
$px = plexcel_new(NULL, array('putenv_krb5ccname' => TRUE));
if ($px == NULL)
die('<pre>' . plexcel_status(NULL) . '</pre>');
if (plexcel_logon($px, session_id(), $username, $password) == FALSE)
die('<pre>' . plexcel_status($px) . '</pre>');
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
curl_setopt($ch, CURLOPT_USERPWD, NULL);
$resp = curl_exec($ch);
curl_close($ch);
echo '<small><pre>' . htmlspecialchars($resp) . '</pre></small>';
?>
Using plexcel_logon to get a credential and use it to access a Kerberos protected web page.
See also
plexcel_logoff | plexcel_preamble | plexcel_authenticate | plexcel_sso