cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cosign with multiple kerberos realms
I don't believe it has.
Having said that most of the code will handle multiple realms already.
The only problem i could see with this how you handle an application
getting an incorrect kerberos ticket (in a realm it know nothing about).
e.g. a user chooses to authenticate to realm A and accesses web service
X which is part of realm B and get a kerberos ticket from the cosign
server for A. The possibly needs to be a mechanism for the webservers to
requests a ticket in a certain realm, and if not there get the user to
re-authenticate in that realm?? Unless you can build kerberos trust?
(not sure on this)
On Fri, 2005-03-11 at 08:47, Ben Poliakoff wrote:
> I haven't been able to find much info about how cosign might be able to
> work with multiple krb5 realms.
> Googling about, I found a proposal:
> ...that includes a bullet item:
> "User selects authentication type and Kerberos realm."
> Has such functionality (login page featuring a drop down menu of
> realms) ever been implemented?