client authentication towards postgresql in php?

Hello,


I am searching for a secure way to handle client authentication in php towards postgresql.

Let me explain what I like to setup:

Client will connect to the application via Apache.
The authentication of the clients will be done over ssl and the certificates of the clients will be stored on
smartcards.
(I have written a small documentation how to setup this at www.opensc.org).
Next I will read in the PHP application environment variables of apache to know if the user was correctly authenticated
byapache. 

In postgresql I would like to create for every client a user.
Purpose: automatically log every action like update/delete of users by rules without requiring scripts in php.

The problem I have is to authenticate the client to postgresql.
Of course I could save the passwords for the clients in a text file accessible by the php application, but I don't like
theidea of this file lying around on the hard drive. 

I thought about using Kerberos in this setup, sort of:

1.apache authenticates the client (two way ssl with smartcards)
2. client receives a ticket from kerberos
3. which php could forward to postgresql.

Is this possible?

Maybe someone knows another secure way of authenticating users to postgresql in a web application?


Best regards,
Daniel Struck


--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax:   +352-44116113
web: http://www.retrovirology.lu
e-mail: struck.d@retrovirology.lu