cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another quick question and possible bug report
On Mar 28, 2004, at 9:17 PM, Brett Lomas wrote:
Also, I think I have found a bug in the CoSign package. If the client
isn’t in the /usr/local/etc/cosign.conf mod_cosign gets a return of 1
from cosign_cookie_valid (ie cv = 1) which cause it to fall through to
the set_cookie label, which causes an infinite loop (it set the cookie
and attempt to access the CGI, and then goes back to the web resource
and does it all again J ).
Good call! We've made a change to the daemon and both filters that will
more gracefully handle such a configuration error.
I've checked it into CVS and, pending testing here at UMich, will roll
it into the next release. If you could also test this that would be