	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Excluding a directory from the cosign filter

To: <jarod@xxxxxxxxx>, "'Chassy'" <chassy@xxxxxxxxx>, <cosign-discuss@xxxxxxxxx>
Subject: RE: Excluding a directory from the cosign filter
From: "Konstantin Voyk" <kvoyk@xxxxxxxxx>
Date: Tue, 13 Apr 2004 08:09:24 -0400
In-reply-to: <514337127.1081800203@[192.168.1.105]>
Thread-index: AcQg6uPUau4DIOGeTXCat+8eCijwsgAY4Y8Q

Chassy,
I think you can have unprotected directories in your web server if you will
do one of following:
- project your projected directories directory by directory (and do not
project whole web site)
	<protected>You_protected_directory_1</protected>
	<protected>You_protected_directory_2</protected>
	<protected>You_protected_directory_3</protected>
- rearrange your directory structure and put all your projected sites into
protected directory. Then your config file will looks like this
	<protected>You_protected_directory</protected>
- put all your projected directories in another web site and project whole
web site as you do now
	<protected>/</protected>

Konstantin Voyk
kvoyk@xxxxxxxxx
Infotech, Law School




-----Original Message-----
From: jarod@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[mailto:jarod@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of jarod@xxxxxxxxx
Sent: Monday, April 12, 2004 8:03 PM
To: Chassy; cosign-discuss@xxxxxxxxx
Subject: Re: Excluding a directory from the cosign filter


Chassy,

IISCosign does not offer that functionality.  By default, whatever 
directory is specified as <Protected> will apply to all subdirectories. 
This cannot be overridden.

> As a related question, if I am able to exclude a specific directory form
> cosign protection, will the cosign-related CGI environment variables still
> be available if someone has previously logged in?

As a related answer :) if somebody is logged in via cosign and they access 
an unprotected directory, at least on IISCosign, their login information 
will not be available.

--Jarod Malestein
--University of Michigan
--ITCS

--On Monday, April 12, 2004 7:18 PM -0400 Chassy <chassy@xxxxxxxxx> wrote:

> I currently have Cosign configured to protect an entire directory.  In the
> services section of my cosign.dll.config file, I have a single entry:
>
>   <Protected>/</Protected>
>
> Is there a way to exclude a subdirectory, something like:
>
>   <Protected>/</Protected>
>   <NotProtected>/facultyHandbook/</NotProtected>
>
> I'm running IIS6 on a Win2K3 server.
>
> My purpose for asking is that I want to make one section of our intranet
> publicly accessible.  I could make it available to people with friend
> accounts, but that creates a fairly significant barrier to someone needing
> the information immediately.
>
> As a related question, if I am able to exclude a specific directory form
> cosign protection, will the cosign-related CGI environment variables still
> be available if someone has previously logged in?
>
> Thanks,
> Chassy

References:
- Re: Excluding a directory from the cosign filter
  - From: jarod

Prev by Date: cosign certificate.
Next by Date: Re: cosign certificate.
Previous by thread: Re: Excluding a directory from the cosign filter
Next by thread: Using UM cerfificate for cosign
Index(es):
- Date
- Thread