On 24 May 2008, at 05:50, Andy Cobaugh wrote:
> 1) Why would the CGI *not* redirect back to the service after a
> successfull authentication? I.e., user access service.foo.com, gets
> redirected to weblogin.foo.com, then never gets redirected back,
> but instead gets sent over to service.foo.com/services ? I must be
> missing something here...
In all cases, or just when the password is required? If it's just
when the user is prompted for the password, it's probably an error in
the HTML template. The referenced URL needs to be posted along with
the password in a hidden field.
> 2) What would a valid "negotiate" directive look like if I were to
> allow HTTP-Negotiate (via mod_auth_kerb with SPNEGO for example). I
> can't find any examples online where this directive is used. I'm
> assuming something of the form:
>
> negotiate \\([EMAIL PROTECTED]) $1 <factor>
>
> What goes in place for factor?
factor is a name space you can control. Here, if you've used
Kerberos the factor is "UMICH.EDU" and "FRIEND" if you used friend.
We also have a multi-factor system in place, the factor there is
"MTOKEN" as I recall. Your choice of factor names really reflects
what you consider to be equivalent quality of authentication. E.g.,
if you feel as tho password based authentication and SPNEGO are
equivalent, then you can use the same factor name for both. The
authentication filters on the clients can require specific factors,
so keep that in mind.
Probably you want:
negotiate ([EMAIL PROTECTED]) $1 SPNEGO
The change from "basic" to "extended" regular expressions drops the
requirement for all those extra back-slashes.
:wes
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
