cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cosign with multiple kerberos realms
On 10 Mar 2005, at 16:48, Ben Poliakoff wrote:
Multiple realms was an initial requirement because of the multiple
kerberos realms on campus. Early versions didn't have support for
multiple realms, since we were just concentrating on getting basic
functionality working. Once we had it working, we just never offered
the admins of other realms the option to use the multi-realm support
that was embedded in the protocol. They never asked, so we never
I know umich maintains
a collection of different realms.....
Certainly a drop-down on the login screen was how we envisioned it
working. The user selected realm would then be posted to the CGI,
which would use it in the kerberos password check. Once the account
was verified, the realm would be passed on to cosignd and hence to all
connecting filters. Simple to get more or less working, only a little
harder to make the UI issues smooth.
If you were to undertake these changes, we'd be happy to accept
contributed code back into the distribution.