	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Groups and other variables?

To: Mark Montague <markmont@xxxxxxxxx>
Subject: Re: Groups and other variables?
From: Wesley D Craig <wes@xxxxxxxxx>
Date: Fri, 4 Mar 2005 17:13:24 -0500
Cc: Brian Hatch <bri@xxxxxxxxx>, cosign-discuss <cosign-discuss@xxxxxxxxx>
In-reply-to: <Pine.SOL.4.58.0503031155000.9796@mozi.lsait.lsa.umich.edu>
References: <20050303051312.GX817@ifokr.org> <Pine.SOL.4.58.0503030917190.9796@mozi.lsait.lsa.umich.edu> <20050303145648.GZ817@ifokr.org> <Pine.SOL.4.58.0503031155000.9796@mozi.lsait.lsa.umich.edu>

On 03 Mar 2005, at 12:05, Mark Montague wrote:

Quite true - it's just that apache's ldap-based access often does both of these by virtue of the searches it uses.
Have you tried mod_authz_ldap?  I haven't used this myself,
but it's mean explicitly for authorization, not authentication.

Actually, Brian's observation about apache modules doing both authN and authZ applies to mod_authz_ldap as well. Jo & I patched it so that it could be configured to not do authN, instead relying on REMOTE_USER to be previously set. Notes are available here:

    http://www.umich.edu/~umweb/downloads/mod_authz_ldap-NOTES.txt
    http://www.umich.edu/~umweb/downloads/mod_authz_ldap-NOTES-UMICH.txt

We're (still) waiting for the author to accept or decline our patches.

:wes

Follow-Ups:
- Re: Groups and other variables?
  - From: Brian Hatch

References:
- Groups and other variables?
  - From: Brian Hatch
- Re: Groups and other variables?
  - From: Mark Montague
- Re: Groups and other variables?
  - From: Brian Hatch
- Re: Groups and other variables?
  - From: Mark Montague

Prev by Date: Re: Groups and other variables?
Next by Date: Re: Groups and other variables?
Previous by thread: Re: Groups and other variables?
Next by thread: Re: Groups and other variables?
Index(es):
- Date
- Thread