On Sep 24, 2009, at 5:47 PM, Marco Righi wrote:

> Thanks,
> this is the file
>
> /etc/cosign/cosign.conf

OK, looks like you just copied from the wiki example, which needs to be updated for 3.0. The options used here are for versions of cosign prior to cosign 3.0. Not too many things have changed in the cosign.conf, but a couple very important keywords are different. In this case, you need to alter your use of the "service" keyword:

    service cosign-<your_service_name_regex> <URL of service validation handler> <flags> <service_certificate_CN_regex>

E.g.:

    service cosign-my\.service https://my.service.example.edu/cosign/valid 0 mod_cosign-1

The validation URL is a special virtual location on your client. Requests for this location are intercepted by mod_cosign, which then validates the information included on the query string:

<https://webapps.itcs.umich.edu/cosign/index.php/Cosign_Wiki:CosignInstallation#CosignValidReference>

Please take a look at the cosign.conf manpage, and the README and README.weblogin files included with the source for additional details.

andrew

>
> ----START----
> ## [Common to cgi and cosignd]
> # TLS parameters
> set cosigncadir /etc/cosign/certs/CA/
> set cosigncert /etc/cosign/certs/cgi.crt
> set cosignkey /etc/cosign/certs/cgi.key
>
>
> ## [cosignd-specific]
> # Allow access to cosignd with cgi-level privileges (REGISTER new sessions)
> # from this CommonName (CN is from the TLS certificate)
> cgi cgi-1
>
> # Allow cosignd access with service-level privileges (CHECK existing sessions)
> # from these CN (they need not match the source IP or domaine name)
> service mod_cosign-1 0
> service mod_cosign-2 0
>
> # In the ldapadmin example, we restrict access to the service at the
> # Apache level (CosignRequireFactor admin). Alternatively we can
> # centralise access restrictions at the cosignd level:
> #cookie ldapadmin reauth ldap admin
> # Note: you can specify multiple factors.
> # By default, a cookie is granted as long as one factor is enabled.
>
>
> ## [cgi-specific]
> # cosignd host (it must match the server's CN!)
> set cosignhost cosignd.local
>
> # Grab this user's factor:
> # - argument 3 and later are name(s) of <FORM>/POST fields from the template
> # - at least one factor is required for authentication to succeed
> # - a factor executable only returns 1 factor name
> # - factor names can be used by mod_cosign (CosignRequireFactor)
> # - "-2" means this secondary script is started only if another one was successful
> #factor /usr/lib/cosign/factor/test login password
> factor /usr/lib/cosign/factor/ldap login password
> factor /usr/lib/cosign/factor/admin -2 login
>
> # Override the default template directories,
> # so our changes won't be overwritten by an unfortunate 'make install'
> set cosigntmpldir /var/lib/cosign/templates-local
>
> set cosignlogouturl https://weblogin.local/
> set cosignloopurl https://weblogin.local/cosign/looping.html
> ----END----
>
> Marco
>
> Andrew Mortensen wrote:
>>
>> On Sep 24, 2009, at 6:32 AM, Marco Righi wrote:
>>
>>> When I try to start the daemon I get an error
>>>
>>> usr/local/sbin/cosignd -y /etc/cosign/certs/cosignd.crt -z /etc/cosign/certs/cosignd.key
>>> line 15: keyword service takes 5 or 6 args
>>
>> What's line 15 of your configuration file look like?
>>
>> andrew

_______________________________________________
Cosign-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
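A pre-flight check for the "service" lines discussed in this thread, as an added example that is not part of the original messages or of the cosign project: it flags lines that do not fit the `service <name_regex> <validation_URL> <flags> <CN_regex>` syntax from the reply before cosignd is started. Assumptions: the daemon's "5 or 6 args" count includes the keyword itself, the optional sixth token is accepted without being interpreted, Python's `re` only approximates the regex dialect cosignd uses, and `lint_service_lines` is a hypothetical name.

```python
import re
from urllib.parse import urlparse

# Constructed sample: one pre-3.0 line from the posted file, one line in the 3.0 syntax.
SAMPLE_CONF = r"""
# cosignd-specific
cgi cgi-1
service mod_cosign-1 0
service cosign-my\.service https://my.service.example.edu/cosign/valid 0 mod_cosign-1
"""

def _is_regex(text):
    """True if the token compiles as a regular expression (Python dialect)."""
    try:
        re.compile(text)
        return True
    except re.error:
        return False

def lint_service_lines(conf_text):
    """Return (line_number, message) for every 'service' line that does not fit
    service <name_regex> <validation_url> <flags> <cn_regex> [one more token]."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0] != "service":
            continue  # blank lines, comments and other keywords are out of scope
        # Assumption: the token count in the daemon's error includes the keyword.
        if len(tokens) not in (5, 6):
            findings.append((lineno, f"{len(tokens)} tokens, expected 5 or 6 (pre-3.0 syntax?)"))
            continue
        name, url, _flags, cn = tokens[1:5]
        if not name.startswith("cosign-"):
            findings.append((lineno, "service name regex should start with 'cosign-'"))
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            findings.append((lineno, "second field is not a validation handler URL"))
        for label, value in (("service name", name), ("certificate CN", cn)):
            if not _is_regex(value):
                findings.append((lineno, f"{label} is not a valid regular expression"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_service_lines(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```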
