CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking friend accounts?

On Aug 5, 2004, at 5:55 AM, Mark Montague wrote:

On Wed, 4 Aug 2004, Jim Zajkowski wrote:

How can I configure the cosign filter to block access from non-UMICH
principals?  That is, I want to deny access to friend users.

If you're not serving active content, here's something you can add to httpd.conf or .htaccess to deny friends access:

    SetEnvIf Remote_User ".*@.*" friend
    AuthType CoSign
    Require valid-user
    Deny from env=friend

This solution was designed by Wes Craig, I'm just posting
it here.

Sadly, although documented, the SetEnvIf Remote_User code never quite worked. Here's the bugreport from Apache:

In this case I'm serving some files off as a "depot" like setup, so a PHP or Perl solution isn't going to work.

I'm considering changing mod_cosign to set the environment variable "COSIGN_FRIEND" when a friend user comes along; then the Deny from env=COSIGN_FRIEND would work.


Jim Zajkowski          OpenPGP 0x21135C3
System Administrator  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
UM Life Sciences Institute

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010