CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Basic auth interference


	/cgi-bin	  requires HTTP Basic authentication
		<Directory /usr/lib/cgi-bin/>
		    CosignProtected     Off
		    AuthType Basic
		    AuthName "Password Authentication"
		    Require valid-user
		    AuthUserFile /path/to/phtpasswd

	/cgi-bin/otherdir requires Cosign authentication
		<Directory /usr/lib/cgi-bin/subdirectory/>
		    AllowOverride all
		    Options +ExecCGI
		    SetHandler cgi-script
		    Allow from all

		    CosignProtected     On

I'd like to have /cgi-bin/otherdir require *just* cosign authentication,
not both.  

Right now, apache makes you use both, and it would seem both mod_access
and mod_cosign set REMOTE_USER (mod_access seems to be winning)

If I add a 'satisfy any' to the cosign-protect directory, then HTTP
basic authentication isn't required, which is close -- you can use
one or the other.  The problem is that if you've already used
something in the top level dir, it's sufficient and you don't need
to use cosign, and I want it to require cosign and nothing else.

Any ideas?

Brian Hatch                  "In one of the Bard's best-thought-of
   Systems and                tragedies, our insistent hero,
   Security Engineer          Hamlet, queries on two fronts     about how life turns rotten."
                              -- anagram of 'to be or not to be...'
Every message PGP signed

Attachment: signature.asc
Description: Digital signature

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010