cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Groups and other variables?
On Thu, 3 Mar 2005, Brian Hatch wrote:
> > I run several cosign-enabled web servers, and use require-group
> > all the time. I use both DBM and LDAP groups. mod_auth_dbm
> > for Apache uses the user information provided by cosign to do
> > the group lookup.
> Got an httpd.conf snippet you can share?
Very little cosign-specific here. Assuming that you have cosign
set up and enabled:
Allow from all
require group mygroup
> cosign's job is authentication. Authorization is a separate
> task that takes place outside of cosign after authentication
> occurs. Authorization is usually handled the same way you
> handle authorization when using any other form of authentication
> other than cosign.
> > Quite true - it's just that apache's ldap-based access often does both
> > of these by virtue of the searches it uses.
Have you tried mod_authz_ldap? I haven't used this myself,
but it's mean explicitly for authorization, not authentication.
LS&A Information Technology
The University of Michigan