|
cosign-discuss at umich.edu |
| general discussion of cosign development and deployment | |
So, having gotten cosign working (created Debian packages for both server+filter and just filter for Debian Woody [apache 1.3], will work on sarge 1.3 and 2.0 next week) I'm starting to roll it out. For this first pass, knowing that someone has an Active Directory account is the important thing. However I know sooner than later someone will want to be able to allow only users in particular groups, or perhaps be able to access the user's full name or email address or something else that's stored in the records that were originally (via ldap) used to verify the user's password at login time. Is there any facility in Cosign to allow you to 'store' other information aside from the REMOTE_USER when the filter does it's thing? These would be set in other env variables, and preferably be available for permissions descisions like 'require-group' without too much hoop jumping. -- Brian Hatch Thou shalt not compose Systems and limericks at a funeral. Security Engineer http://www.ifokr.org/bri/ Every message PGP signed
Attachment:
signature.asc
Description: Digital signature