CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Groups and other variables?

On Thu, 3 Mar 2005, Brian Hatch wrote:

> > I run several cosign-enabled web servers, and use require-group
> > all the time.  I use both DBM and LDAP groups.  mod_auth_dbm
> > for Apache uses the user information provided by cosign to do
> > the group lookup.
> Got an httpd.conf snippet you can share?

Very little cosign-specific here.  Assuming that you have cosign
set up and enabled:

AddModule mod_auth_dbm.c
<Directory />
  AuthDBMGroupFile /path/to/groups/file
  AuthDBMAuthoritative off
<Directory /path/to/pages/to/protect>
  Order allow,deny
  Allow from all
  CosignProtected On
  AuthType Cosign
  require group mygroup

> cosign's job is authentication.  Authorization is a separate
> task that takes place outside of cosign after authentication
> occurs.  Authorization is usually handled the same way you
> handle authorization when using any other form of authentication
> other than cosign.
> > Quite true - it's just that apache's ldap-based access often does both
> > of these by virtue of the searches it uses.

Have you tried mod_authz_ldap?  I haven't used this myself,
but it's mean explicitly for authorization, not authentication.

                Mark Montague
                LS&A Information Technology
                The University of Michigan

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010