On Jan 9, 2013, at 5:33 AM, Florian Mueller <flo2muel...@gmail.com> wrote:
> ...Maybe you find the time to answer three more questions?
>
> 1) Is there any way to bypass the logout verification screen? I really don't
> need verification when I redirect the user from a service logout script to
> central logout.

Not at the moment, no. Please file a feature request on the cosign tracker:

http://p.sf.net/cosign/tracker

> 2) I haven't already tried (because my setup is not ready) but is it possible
> to authenticate against kerberos using email-addresses? I don't need the
> friend feature. But I expect the friend factor to steal the credentials
> if login is an email-address.

Yes. Use the "passwd" keyword in your cosign.conf:

    passwd kerberos (.+)@.+ $1 MY.KRB5.REALM
    passwd kerberos ([^@]+) $1 MY.KRB5.REALM

The top pattern should cause the cgi to extract krb5 principal names from e-mail addresses; the second pattern is the standard kerberos principal matching rule used by the cgi.

> 3) Is there a possibility to make the google-auth factor required for all
> services and not just the ones which define it inside the filter.

Not yet. Cosign's current multifactor implementation is service-driven: the protected service determines how much authentication is required before granting access. There's work underway to add hooks to the cgi requiring multifactor authN depending on which user is authenticating.

andrew

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
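The login-to-principal mapping that the two passwd rules in the reply above describe, as an added example that is not part of the original message and not cosign's own code. It assumes the rules are tried in order, that the first match wins, and that a pattern must match the whole login; `map_login` and `audit` are hypothetical names and the sample logins are constructed.

```python
import re

# The two rules from the reply, in file order: (pattern, substitution, realm).
RULES = [
    (r"(.+)@.+", "$1", "MY.KRB5.REALM"),   # e-mail address -> local part
    (r"([^@]+)", "$1", "MY.KRB5.REALM"),   # bare principal name
]


def map_login(login, rules=RULES):
    """Return 'name@REALM' for the first matching rule, or None.

    Assumption: first match wins and the pattern must cover the whole login.
    """
    for pattern, subst, realm in rules:
        m = re.fullmatch(pattern, login)
        if m is None:
            continue
        # Expand $1..$9 in the substitution with the captured groups.
        name = re.sub(r"\$(\d)", lambda r: m.group(int(r.group(1))), subst)
        return f"{name}@{realm}"
    return None


def audit(logins, rules=RULES):
    """Map each login and flag results whose name part still contains '@'.

    (.+) is greedy, so a login with two '@' characters keeps everything up
    to the last '@' as the principal name. Worth checking before rollout.
    """
    report = {}
    for login in logins:
        principal = map_login(login, rules)
        suspicious = principal is not None and principal.count("@") > 1
        report[login] = (principal, suspicious)
    return report


if __name__ == "__main__":
    # Constructed sample logins.
    samples = ["alice", "alice@example.edu", "bob@a.example@b.example",
               "@example.edu", ""]
    for login, (principal, flag) in audit(samples).items():
        print(f"{login!r:28} -> {principal!r} {'(check)' if flag else ''}")
```
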