On Apr 28, 2009, at 11:06 AM, Steve Devine wrote: > I am now successfully getting authenticated by cosign. But I do not > initially get a ticket in /ticket on the application server. > If I go into /var/cosign/filter and delete the files in there and then > refresh the browser I will then get the ticket. > On the cosign server the /ticket directory does get a ticket > immediately.
What's your Apache config look like? cosign 3.0 exercises a long- standing bug, as described here: <http://sourceforge.net/mailarchive/message.php?msg_name=CD9EB616-B9C9-422A-96FF-DFEBF9214E83%40umich.edu > > Also these tickets are not working with modwaklog - I know thats a > different list but maybe others are running into this. The tickets will need to be forwardable. Check the flags on the tickets with "klist -f /path/to/ticket". You should see something like this: Ticket cache: FILE:/ticket/5vr2tG3aYBIz Default principal: [email protected] Valid starting Expires Service principal 04/28/09 13:52:32 04/28/09 23:52:32 krbtgt/[email protected] Flags: FIA, Etype (skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with 96-bit SHA-1 HMAC You're interested in the Flags section. 'F' means the ticket is forwardable. andrew ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
