On Nov 25, 2009, at 10:21 AM, Andy Cobaugh wrote:

> 
> Folks,
> 
> After reading through the archives, I've come across a bug that was 
> reported earlier against the 3.0.0 version of cosign.
> 
> Specifically, the CosignGetKerberosTickets and CosignKerberosSetupGss 
> directives appear to not work within a Location or Directory context. They 
> do, however, work at a higher level, such as at the vhost context. 
> Unfortunately that means setting CosignProtected On for the entire virtual 
> host.

Fortunately, it doesn't mean that. Kerberos tickets are retrieved the first 
time a service cookie is checked with the login server. In Cosign 3, that check 
takes place in the validation handler, which of course must be unprotected. Go 
ahead and use the directive in the vhost context.

The bug you mention is caused by two things. First, the validation handler code 
only consults the server config, not server & directory/location. Second, the 
ticket retrieval code isn't smart enough to observe that there should be a 
ticket and one doesn't exist. If ticket retrieval's enabled, what mod_cosign 
should really do is check to see if the kerberos field in the cookie structure 
is populated. If it's not, it should request the ticket from cosignd.

> It sounded like there was going to be a fix for this in 3.0.2 based on 
> what was discussed in the thread, but based on what I'm seeing it wasn't.
> 
> Just wondering if a fix is still planned for one of the next releases?

That's a pretty vague timeline, so yes. :)

Seriously, though, you can expect this by 3.2, as 3.1 is currently a release 
candidate.

amdrew
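
The arrangement described in the reply above, as an added example that is not part of the original message or of the cosign project's own documentation: the ticket directives sit in the vhost context while only one path is protected. The host name, the `/private` path and the `/cosign/valid` handler location are assumptions, and the other mod_cosign settings a working site needs are left out.

```apache
# Constructed example: host name and paths are placeholders.
<VirtualHost *:443>
    ServerName app.example.edu

    # Ticket retrieval is set in the vhost (server) context, which is the
    # only config the validation handler consults.
    CosignGetKerberosTickets On
    CosignKerberosSetupGss On

    # The vhost as a whole stays unprotected.
    CosignProtected Off

    # Validation handler: must be unprotected. This is where the service
    # cookie is first checked with the login server and tickets are fetched.
    <Location /cosign/valid>
        SetHandler cosign
        CosignProtected Off
    </Location>

    # Only this path requires a cosign login.
    <Location /private>
        CosignProtected On
    </Location>
</VirtualHost>
```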