CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

Groups and other variables?

  • To: cosign-discuss <cosign-discuss@xxxxxxxxx>
  • Subject: Groups and other variables?
  • From: Brian Hatch <bri@xxxxxxxxx>
  • Date: Wed, 2 Mar 2005 21:13:12 -0800
  • User-agent: Mutt/1.5.6+20040907i

So, having gotten cosign working (created Debian packages for
both server+filter and just filter for Debian Woody [apache 1.3],
will work on sarge 1.3 and 2.0 next week) I'm starting to roll
it out.

For this first pass, knowing that someone has an Active Directory
account is the important thing.  However I know sooner than later
someone will want to be able to allow only users in particular
groups, or perhaps be able to access the user's full name or
email address or something else that's stored in the records that
were originally (via ldap) used to verify the user's password
at login time.

Is there any facility in Cosign to allow you to 'store' other
information aside from the REMOTE_USER when the filter does its
thing?  These would be set in other env variables, and preferably
be available for permissions decisions like 'require-group'
without too much hoop jumping.

Brian Hatch                  Thou shalt not compose
   Systems and               limericks at a funeral.
   Security Engineer

Every message PGP signed

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010