CoSign: Collaborative Single Sign-On  
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 


Re: Cosign on a Sub Directory Only



On Tue, 20 Jul 2004, johanna bromberg craig wrote:

> This was originally a security thought, but I'm not sure our reasons
> are valid anymore. I think our original logic was not wanting users to
> turn off/on Cosign if an admin had made it on/off for a whole server,
> but that might be spurious. Other members of the core cosign team feel
> free to speak up and correct me if there was a more pressing issue and
> I've just forgotten it. ;)

I wasn't involved in those discussions, but unless there is a reason
to have a CosignProtected directive, I'd be more comfortable turning
cosign on/off with the AuthType directive.  If the server admin doesn't
want users doing this, then they specify "AllowOverride -AuthConfig".
This _does_ mean that the user can't use the "require" directive
in their .htaccess files anymore, though, which is undesirable.
Right now does CosignProtected trump AuthType in all cases?  If so,
I guess this would be a valid reason for keeping CosignProtected
around but not usable in .htaccess files.

                Mark Montague
                LS&A Information Technology
                markmont@xxxxxxxxx



 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010