|
cosign-discuss at umich.edu |
| general discussion of cosign development and deployment | |
> Is anyone using cosign to authenticate users via LDAP instead of > Kerberos? I'm pretty sure that cosign doesn't support this, but > I've had an external user ask and I wanted to check. Note that > although I'm at the University of Michigan, I'm not an active > participant of the cosign development group here. Check the archives for my emails - I'm doing this (on a 1.7.0 version, IIRC) by replacing the default CGIs which check for an existing valid cookie, if none is present it asks for authentication, when you submit it gets the credentials and checks them against LDAP, and if they are correct it will call the real cosign CGI with REMOTE_USER already set which will trust the cookie and make everything work. Details should be in my old emails, or I can send you the package I've built up. Not terribly sexy. -- Brian Hatch "I like you. You're trouble." Systems and "Well, thank you. It's the nicest thing Security Engineer anybody has said about me in days." http://www.ifokr.org/bri/ Every message PGP signed
Attachment:
signature.asc
Description: Digital signature