On December 30, 2009 3:55 , "fabrizio" <[email protected]> wrote:
Hi support,
This is the worldwide mailing list for discussing cosign. People who
reply are all volunteers.
I've install the Cosign server on Red HAT 5.4. I can see the Cosign
login page, but the service cookie don't work.
How I can start the service cookie ?
What do you mean by "don't work"?
Assuming that you are running cosign version 3, the service cookie is
set by the cosign filter. Normally, an end user would visit a
cosign-protected page on a web server running the cosign filter, they
would be redirected to the central weblogin servers (and they will see
the login page if they are not already logged in), and after the user's
identity is authenticated, the user will be sent back to the validation
URL on the web server they originally visited. The cosign handler at
the validation URL on the web server running the cosign filter is what
actually sets the cosign service cookie.
What's means the 'service mod_cosign-2.0' write in the cosign.conf, on
RHEL show error and stop the cosignd ?
Under cosign version 3, the "service" keyword in cosign.conf takes
either 4 or 5 arguments. See the cosign.conf man page (included when
you downloaded cosign, in the "daemon" subdirectory) for a description
of each of these arguments. Here is an example of a service line in
cosign.conf:
service cosign-(.*) https://$1/cosign/valid 0 (.*\.example\.com) cosign-$1
The above service line says, "when a web server running the cosign
filter contacts the central weblogin server with a certificate whose CN
ends in .example.com, allow that server to access cosign service cookies
named cosign- followed by the CN; for URL validation, send the user to
/cosign/valid using HTTPS at the hostname corresponding to the CN; and
use the default cosign protocol and do not allow the web server to
retrieve Kerberos tickets".
You are getting an error and cosignd does not start because "service
mod_cosign-2.0" is not a valid service line for cosign.conf. See the
cosign.conf man page.
Mark Montague
ITS Web/Database Team
The University of Michigan
[email protected]
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
