 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Cosign Loop Breaking
Perhaps a whole test script could be developed, using wget etc?
Brett
-----Original Message-----
From: Bill Doster [mailto:Bill.Doster@xxxxxxxxx]
Sent: Wednesday, 9 June 2004 1:34 p.m.
To: 'Cosign Discussion'
Subject: RE: Cosign Loop Breaking
> I believe the bad configuration is having the action on the login form set
> incorrectly (at least this is the one I know about). If the action is set
> such that apache redirects (or re-writes the URL) via a GET rather than a
> POST it will lose the data attached, and then the CGI displays the login
> page.
>
> I agree that this is a case of bad configuration, and perhaps, after
further
> thought I do not think it would really be worth extra work to detect it.
If
> the Sys Admin sets it up incorrectly then that is their fault. Perhaps a
> good thing would be some detailed installation documentation which would
> help this problem (and others) to no end.
If this is a configuration problem, perhaps some kind of "test script" which
acts like a browser and checks for common misconfiguration problems could
be included in the distribution and recommended for vetting new
configurations?
| 
