 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Restricting access
On Mon, 23 Feb 2004 memo@xxxxxxxxxxxx wrote:
Is there a way to restrict access to our cosign server to certain
groups
within UM? We want to distribute the School of Information's
configuration
of Mulberry via our Cosign enabled web server but we don't want our
alumni
to be able get the software since they aren't covered under the site
license. Is this something Cosign can handle? If not how can we
further
restrict access beyond Cosign?
Just restrict access as you normally would without cosign.
For example, to have Apache do the authorization for you,
add a directive to the appropriate Directory context in http.conf,
or to the appropriate .htaccess file such as
require group list-of-people-I-like
The file containing the definition of the group can be
defined by AuthDBGroupFile (if you're using mod_auth_db),
AuthDBMGroupFile (mod_auth_dbm), or AuthGroupFile (mod_auth).
Or you can do authorization under apache using LDAP groups
(mod_ldap) or groups defined in MySQL databases, to name just
a few possibilities.
If you are writing active content (for example, a PHP page),
cosign puts the name of the user into the REMOTE_USER environment
variable. Your page should use this variable when doing its
authorization checks.
Mark Montague
LS&A Information Technology
markmont@xxxxxxxxx
| 
