[an error occurred while processing the directive]
 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Groups and other variables?
On Thu, 3 Mar 2005, Brian Hatch wrote:
> > I run several cosign-enabled web servers, and use require-group
> > all the time. I use both DBM and LDAP groups. mod_auth_dbm
> > for Apache uses the user information provided by cosign to do
> > the group lookup.
>
> Got an httpd.conf snippet you can share?
Very little cosign-specific here. Assuming that you have cosign
set up and enabled:
AddModule mod_auth_dbm.c
<Directory />
AuthDBMGroupFile /path/to/groups/file
AuthDBMAuthoritative off
</Directory>
<Directory /path/to/pages/to/protect>
Order allow,deny
Allow from all
CosignProtected On
AuthType Cosign
SSLRequireSSL
require group mygroup
</Directory>
> cosign's job is authentication. Authorization is a separate
> task that takes place outside of cosign after authentication
> occurs. Authorization is usually handled the same way you
> handle authorization when using any other form of authentication
> other than cosign.
>
> > Quite true - it's just that apache's ldap-based access often does both
> > of these by virtue of the searches it uses.
Have you tried mod_authz_ldap? I haven't used this myself,
but it's mean explicitly for authorization, not authentication.
Mark Montague
LS&A Information Technology
The University of Michigan
markmont@xxxxxxxxx
[an error occurred while processing the directive]