
Users Authentication

dpslwk edited this page Mar 18, 2021 · 3 revisions

As part of Nottinghack's wider single sign-on system, we use Kerberos to store user passwords. For Laravel to handle this, we have implemented a custom UserProvider and a PasswordStore interface.

The HmsUserProvider extends the DoctrineUserProvider, overriding the __construct, retrieveById and validateCredentials methods to allow use of the PasswordStore.

## PasswordStore

The PasswordStore interface has a few concrete implementations: FileBased, Doctrine and Kerberos.
Which implementation is used is controlled by the environment variable PASSWORDSTORE, and loading into the Laravel IoC is handled by the PasswordStoreManager.

Any implementation needs to provide all functions defined in the interface (listed below):

  • add
  • remove
  • exists
  • setPassword
  • checkPassword

### FileBasedPasswordStore

This implementation uses a simple JSON file kept in the storage/ folder. The file name can be set using the PASSWORDSTORE_FILE environment variable.
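
As an added illustration (not HMS code), here is a minimal JSON-file store implementing the five methods, keeping only password hashes on disk. The method signatures, the class name `JsonFilePasswordStore` and the username-to-hash file layout are assumptions, since this page lists only the method names.

```php
<?php
declare(strict_types=1);

// Hypothetical signatures: the wiki lists only the five method names.
interface PasswordStore {
    public function add(string $username, string $password): void;
    public function remove(string $username): void;
    public function exists(string $username): bool;
    public function setPassword(string $username, string $password): void;
    public function checkPassword(string $username, string $password): bool;
}

// Illustrative store; assumed file layout is {"username": "<password hash>"}.
final class JsonFilePasswordStore implements PasswordStore {
    public function __construct(private string $path) {}

    public function add(string $username, string $password): void { $this->setPassword($username, $password); }
    public function exists(string $username): bool { return array_key_exists($username, $this->load()); }

    public function remove(string $username): void {
        $users = $this->load();
        unset($users[$username]);
        $this->save($users);
    }

    public function setPassword(string $username, string $password): void {
        $users = $this->load();
        $users[$username] = password_hash($password, PASSWORD_DEFAULT); // never store plaintext
        $this->save($users);
    }

    public function checkPassword(string $username, string $password): bool {
        $hash = $this->load()[$username] ?? null;
        return is_string($hash) && password_verify($password, $hash);
    }

    private function load(): array {
        if (!is_file($this->path)) { return []; }
        // Corrupt JSON throws, so a damaged file fails closed instead of authenticating.
        return json_decode(file_get_contents($this->path), true, 512, JSON_THROW_ON_ERROR);
    }

    private function save(array $users): void {
        $tmp = $this->path . '.tmp';
        touch($tmp);
        chmod($tmp, 0600); // restrict permissions before any hash is written
        file_put_contents($tmp, json_encode($users, JSON_THROW_ON_ERROR), LOCK_EX);
        rename($tmp, $this->path); // atomic replace on the same filesystem
    }
}
```

The constructor uses property promotion, so this sketch needs PHP 8.0 or later.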

### KerberosPasswordStore

This implementation uses a Kerberos backend.
It requires a Kerberos server and PHP with the krb5 extension loaded: https://pecl.php.net/package/krb5

The following environment variables are needed.

  • KRB_USERNAME
  • KRB_KEYTAB
  • KRB_REALM

The following environment variables are optional.

  • KRB_DEBUG (default false)

### DoctrinePasswordStore

Introduced in 2.7.0. This implementation uses the password field on the User Entity.
No other environment variables are required.
