CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cosign with multiple kerberos realms

On 10 Mar 2005, at 16:48, Ben Poliakoff wrote:
I know umich maintains
a collection of different realms.....
Multiple realms was an initial requirement because of the multiple kerberos realms on campus. Early versions didn't have support for multiple realms, since we were just concentrating on getting basic functionality working. Once we had it working, we just never offered the admins of other realms the option to use the multi-realm support that was embedded in the protocol. They never asked, so we never implemented it.
Certainly a drop-down on the login screen was how we envisioned it working. The user selected realm would then be posted to the CGI, which would use it in the kerberos password check. Once the account was verified, the realm would be passed on to cosignd and hence to all connecting filters. Simple to get more or less working, only a little harder to make the UI issues smooth.
If you were to undertake these changes, we'd be happy to accept contributed code back into the distribution.

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010