On 2009-11-25 at 13:36, Andrew Mortensen ( [email protected] ) said: > > On Nov 25, 2009, at 10:21 AM, Andy Cobaugh wrote: > >> >> Folks, >> >> After reading through the archives, I've come across a bug that was >> reported earlier against the 3.0.0 version of cosign. >> >> Specifically, the CosignGetKerberosTickets and CosignKerberosSetupGss >> directives appear to not work within a Location or Directory context. They >> do, however, work at a higher level, such as at the vhost context. >> Unfortunately that means setting CosignProtected On for the entire virtual >> host. > > Fortunately, it doesn't mean that. Kerberos tickets are retrieved the first > time a service cookie is checked with the login server. In Cosign 3, that > check takes place in the validation handler, which of course must be > unprotected. Go ahead and use the directive in the vhost context. > > The bug you mention is caused by two things. First, the validation handler > code only consults the server config, not server & directory/location. > Second, the ticket retrieval code isn't smart enough to observe that there > should be a ticket and one doesn't exist. If ticket retrieval's enabled, what > mod_cosign should really do is check to see if the kerberos field in the > cookie structure is populated. If it's not, it should request the ticket from > cosignd. > >> It sounded like there was going to be a fix for this in 3.0.2 based on >> what was discussed in the thread, but based on what I'm seeing it wasn't. >> >> Just wondering if a fix is still planned for one of the next releases? > > That's a pretty vague timeline, so yes. :)
That was intentional :) > Seriously, though, you can expect this by 3.2, as 3.1 is currently a release > candidate. Works for me. Thanks. --andy ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
