I won't repeat anything Wes has said. Please read his message. Also, note that I just run the production cosign servers for the University of Michigan, I'm not one of the cosign developers/maintainers.
On Thu, Feb 26, 2009 8:37 PM, Bob Radvanovsky <[email protected]> wrote: > (2) I have Red Hat Enterprise Linux 5.3 loaded on it WITH EVERYTHING LOADED. > I chose the "Use Everything" option. > (3) I have downloaded OpenSSL 0.9.8. configured, compiled and installed. > (4) I have downloaded Apache 2.0.63, configured, compiled and installed. > If you are using RHEL 5.3, why are you not using the default versions of OpenSSL and Apache HTTPD that Red Hat installs by default when you select "Web server" on the "Package Selection" screen during installation? It's possible and supported to do what you're doing, but it increases the number of things you have to get right for everything to work properly. > There are MULTIPLE instructions for installing this software. There are > multiple methods for utilizing whatever path you choose. > Yes. That's called flexibility. There is no one-size-fits-all configuration. Still, while I think the various instructions can be explained more and generally improved (as Trek has said), all of the sets of instructions have the same basic steps. If you're confused and just want a single set of instructions, the README (for setting up the filters) and README.weblogin (for setting up the central weblogin servers) files that are included with the distributions are the authoritative references. > If I understand this correctly, this is to be the "front door" for a portal > server that, based on the user's ID and password, and based upon their rights > granted, would grant them permissions of various levels of applications based > from their login ID and password authentication. Right? > cosign is a web single-sign-on solution for an enterprise environment. While it can be used to provide authentication for a web server that runs portlets (just as it can be used to provide authentication for most web servers), cosign has no special support for portal APIs. Note that an assumption behind cosign is that you'll have enough web servers to protect that setting up and maintaining a central weblogin server is a relatively small marginal cost. Finally, cosign merely makes sure people are who they say they are. It does not deal in permissions (authorization) -- you can use whatever authorization solution you want in conjunction with cosign. Depending on your needs, you may choose LDAP (e.g., mod_authnz_ldap for Apache HTTPD), a global database (MySQL or Oracle), one or more web-application-specific databases, Unix groups (via PAM or NIS+), or so on. Mark Montague ITCS Web/Database Team The University of Michigan [email protected] ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
