I'm hoping that this falls into the "there's no such thing as a dumb
question" category...
We're just about to turn on SPNEGO authentication, and one of the
comments that's come back from testing is that users might be confused
at not being prompted for their passwords, and might think that they're
not being authenticated properly.
My first attempt was to use Javascript to delay the Negotiate checking,
and poke a "you're being authenticated" message into the initial login
form. This almost works, but maybe my javascript-fu isn't good enough,
because occasionally it kills the checknegotiate stuff (I think it's a
timing thing). Typing the normal username and password (or even just
hitting reload) works, but it seems like it's going to be a source of
problems, and besides, I had a Better Idea...
TheBetter Idea is that if cosign.cgi could redirect to a page
immediately after authentication, this page could tell Negotiated users
that they've been authenticated. Since at this point the user's identity
is known, it would also be possible to turn off this annoyance on a
per-user basis.
Also, since the user's identity is known, it would be a potential place
for important but transient notifications to be given ("your library
books are due back today" or "your password hasn't been changed in the
last 6 months and will expire soon"). It could be great. Unfortunately,
now that I've looked properly at how control flows through cosign.cgi,
it looks pretty hard to get right, since there's no simple distinction
between the first time cosign.cgi authenticates a user, and any
subsequent times that a filter redirects to cosign.cgi when the user
visits other applications.
So my question is - has anyone else done this? Is there a clean way to
implement this? Or is it just a stupid idea?
Thanks in advance,
Steve.
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
