CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

Re: cosign with multiple kerberos realms

I don't believe it has.

Having said that, most of the code will handle multiple realms already.
The only problem I could see with this is how you handle an application
getting an incorrect Kerberos ticket (in a realm it knows nothing about).
E.g. a user chooses to authenticate to realm A and accesses web service
X, which is part of realm B, and gets a Kerberos ticket from the cosign
server for A. There possibly needs to be a mechanism for the webservers to
request a ticket in a certain realm, and if not there, get the user to
re-authenticate in that realm? Unless you can build Kerberos trust?
(not sure on this)


On Fri, 2005-03-11 at 08:47, Ben Poliakoff wrote:
> I haven't been able to find much info about how cosign might be able to
> work with multiple krb5 realms.
> Googling about, I found a proposal:
> ...that includes a bullet item:
>     "User selects authentication type and Kerberos realm."
> Has such functionality (login page featuring a drop down menu of
> realms) ever been implemented?
> Ben

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010