Under a certain shared deployment scenario I am involved with there is
the need to dynamically configure many different reauth and non-reauth
services on a per-directory basis under Apache.
CosignCryoto, CosignService and CosignCheckIP are presently not
allowed to be specified in .htaccess files even though
CosignProtection and CosignRequireFactor are. Is there a specific
reason for this?
Should any other configuration directives be considered for this scope
change like CosignCookieExpireTime, CosignSiteEntry,
CosignFactorSuffix, CosignFactorSuffixIgnore, CosignAllowPublicAccess,
CosignHttpOnly, CosignTicketPrefix, ...
Patch included below for filters/apache/mod_cosign.c and
filters/apache2/mod_cosign.c.
--
Sam Nicolary
===================================================================
RCS file: filters/apache/mod_cosign.c,v
retrieving revision 1.1
diff -u -r1.1 filters/apache/mod_cosign.c
--- filters/apache/mod_cosign.c 2009/04/09 12:42:04 1.1
+++ filters/apache/mod_cosign.c 2009/04/09 12:46:17
@@ -940,7 +940,7 @@
"the URL to deliver bad news about POSTed data" },
{ "CosignService", set_cosign_service,
- NULL, RSRC_CONF | ACCESS_CONF, TAKE1,
+ NULL, RSRC_CONF | ACCESS_CONF | OR_AUTHCFG, TAKE1,
"the name of the cosign service" },
{ "CosignProtected", set_cosign_protect,
@@ -976,7 +976,7 @@
"the path to the cosign Kerberos ticket directory" },
{ "CosignCheckIP", set_cosign_checkip,
- NULL, RSRC_CONF, TAKE1,
+ NULL, RSRC_CONF | OR_AUTHCFG, TAKE1,
"\"never\", \"initial\", or \"always\"" },
{ "CosignSiteEntry", set_cosign_siteentry,
@@ -1008,7 +1008,7 @@
"for SSL load balancers - redirect with no added port to the URL" },
{ "CosignCrypto", set_cosign_certs,
- NULL, RSRC_CONF | ACCESS_CONF, TAKE3,
+ NULL, RSRC_CONF | ACCESS_CONF | OR_AUTHCFG, TAKE3,
"crypto for use in talking to cosign host" },
{ "CosignGetProxyCookies", set_cosign_proxy_cookies,
===================================================================
RCS file: filters/apache2/mod_cosign.c,v
retrieving revision 1.1
diff -u -r1.1 filters/apache2/mod_cosign.c
--- filters/apache2/mod_cosign.c 2009/04/05 01:35:54 1.1
+++ filters/apache2/mod_cosign.c 2009/04/05 01:45:06
@@ -940,7 +940,7 @@
"the URL to deliver bad news about POSTed data" ),
AP_INIT_TAKE1( "CosignService", set_cosign_service,
- NULL, RSRC_CONF | ACCESS_CONF,
+ NULL, RSRC_CONF | ACCESS_CONF | OR_AUTHCFG,
"the name of the cosign service" ),
AP_INIT_FLAG( "CosignProtected", set_cosign_protect,
@@ -976,7 +976,7 @@
"the path to the cosign Kerberos ticket directory" ),
AP_INIT_TAKE1( "CosignCheckIP", set_cosign_checkip,
- NULL, RSRC_CONF,
+ NULL, RSRC_CONF | OR_AUTHCFG,
"\"never\", \"initial\", or \"always\"" ),
AP_INIT_TAKE1( "CosignSiteEntry", set_cosign_siteentry,
@@ -1008,7 +1008,7 @@
"for SSL load balancers - redirect with no added port to the URL" ),
AP_INIT_TAKE3( "CosignCrypto", set_cosign_certs,
- NULL, RSRC_CONF | ACCESS_CONF,
+ NULL, RSRC_CONF | ACCESS_CONF | OR_AUTHCFG,
"crypto for use in talking to cosign host" ),
AP_INIT_FLAG( "CosignGetProxyCookies", set_cosign_proxy_cookies,
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
