CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: COSIGN: note: login form action="/"

  • To: shanti@xxxxxxxxx
  • Subject: Re: COSIGN: note: login form action="/"
  • From: kevin mcgowan <clunis@xxxxxxxxx>
  • Date: Tue, 23 Mar 2004 09:41:49 -0500
  • In-reply-to: <>
  • References: <> <>

On Mar 23, 2004, at 9:35 AM, Shanti Suresh wrote:

Hi Kevin,

I appreciate your posting that message. Quite detailed
and comprehensive, actually. One small thing that you might
want to consider adding though, for the benefit of
the newbie web-administrators out there, is that weblogin is dedicated
only for the purpose of running the cosign.cgi and authenticating; i.e. there are no user-directories or any other CGI scripts running.
Am I correct in making this assumption?
Just a thought that struck me because you turn ExecCGI on
at DocumentRoot. So I thought it might help to state
that the whole web-site is pretty trustworthy.

I've forwarded your message to the web archiver so your reply will appear on the web site (since I agree with you that this is important to point out).

Now is the reason you're not using "mod_rewrite"
because you included only select modules during
the server-build, so you can keep the httpd-size to the bare minumum?

It is true that we include only select modules during the server build and that mod_rewrite isn't one of them. I'm not using it here because I want to keep things as simple as possible. Using cosign.cgi as a DirectoryIndex seemed, to me, to do the same thing that a rewrite rule would do and to be more intuitable by an Apache admin. I may very well be incorrect. :)

People are, of course, free to use mod_rewrite on their weblogin servers if they choose, but I'm pretty happy with the setup we're using.


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010