CoSign: Collaborative Single Sign-On  
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 


Re: blocking friend accounts?




On Aug 5, 2004, at 5:55 AM, Mark Montague wrote:

> On Wed, 4 Aug 2004, Jim Zajkowski wrote:
>
>> How can I configure the cosign filter to block access from non-UMICH
>> principals?  That is, I want to deny access to friend users.
>
> If you're not serving active content, here's something you can add to httpd.conf or .htaccess to deny friends access:
>
>     SetEnvIf Remote_User ".*@.*" friend
>     AuthType CoSign
>     Require valid-user
>     Deny from env=friend
>
> This solution was designed by Wes Craig, I'm just posting it here.

Sadly, although documented, the SetEnvIf Remote_User code never quite worked. Here's the bug report from Apache:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25725


In this case I'm serving some files off as a "depot"-like setup, so a PHP or Perl solution isn't going to work.

I'm considering changing mod_cosign to set the environment variable "COSIGN_FRIEND" when a friend user comes along; then the Deny from env=COSIGN_FRIEND would work.

--Jim

--
Jim Zajkowski          OpenPGP 0x21135C3    http://www.jimz.net/pgp.asc
System Administrator  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
UM Life Sciences Institute
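
An added example, not from this thread or from the cosign project: the same friend test done with mod_rewrite in per-directory context, where rules run in the fixup phase after authentication, whereas SetEnvIf is evaluated before any user has been authenticated. It assumes mod_rewrite is loaded, that mod_cosign has set REMOTE_USER by the time fixup runs, and, as in the snippet quoted above, that friend principals are the ones containing "@"; the depot path is hypothetical.

```apache
# Hypothetical directory holding the static "depot" files.
<Directory "/var/www/depot">
    AuthType CoSign
    Require valid-user

    # Per-directory rewriting is only enabled when symlink following is allowed.
    Options +FollowSymLinks
    RewriteEngine On

    # In <Directory>/.htaccess context the rules run at fixup, after the
    # authentication phases, so %{REMOTE_USER} holds the authenticated principal.
    # Friend principals look like user@example.org; local ones have no "@".
    RewriteCond %{REMOTE_USER} @
    # Matching requests are refused with 403 Forbidden; nothing is rewritten.
    RewriteRule .* - [F]
</Directory>
```

The same two Rewrite lines placed at server or virtual-host level would see an empty REMOTE_USER, because per-server rules run during URL translation, before authentication; mod_rewrite's `%{LA-U:REMOTE_USER}` look-ahead exists for that case.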


 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010