 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: blocking friend accounts?
On Wed, 4 Aug 2004, Jim Zajkowski wrote:
> How can I configure the cosign filter to block access from non-UMICH
> principals? That is, I want to deny access to friend users.
This is an authorization decision. The cosign filter itself
handles only authentication. But the cosign filter does set
the REMOTE_USER environment variable, and any "local" user
will not have an '@' character in their name, while any
friend user will (friend usernames are email addresses).
So if you're doing this in Perl, PHP, Java, etc., just say
something like:
if ($ENV{'REMOTE_USER'} =~ /@/)
{
print "Status: 403 Forbidden\n";
print "Content: text/html\n\n";
print "<html><head><title>403 Forbidden</title></head>\n";
print "<body><h1>Error</h1>\n";
print "<p>Sorry, you are not authorized to access this page.</p>\n";
print "</body></html>\n";
exit(0);
}
If you're not serving active content, here's something you
can add to httpd.conf or .htaccess to deny friends access:
SetEnvIf Remote_User ".*@.*" friend
AuthType CoSign
Require valid-user
Deny from env=friend
This solution was designed by Wes Craig, I'm just posting
it here.
Mark Montague
LS&A Information Technology
markmont@xxxxxxxxx
| 
