On Jan 9, 2013, at 5:33 AM, Florian Mueller <flo2muel...@gmail.com> wrote:
> ...Maybe you find the time to answer three more questions?
>
> 1) Is there any way to bypass the logout verification screen? I really don't
> need verification when I redirect
> the user from a service logout script to central logout.
Not at the moment, no. Please file a feature request on the cosign tracker:
http://p.sf.net/cosign/tracker
> 2) I haven't already tried (because my setup is not ready) but is it possible
> to authenticate against kerberos
> using email-addresses? I don't need the friend feature. But I expect the
> friend factor to steal the credentials
> if login is an email-address.
Yes. Use the "passwd" keyword in your cosign.conf:
passwd kerberos (.+)@.+ $1 MY.KRB5.REALM
passwd kerberos ([^@]+) $1 MY.KRB5.REALM
The top pattern should cause the cgi to extract krb5 principal names from
e-mail addresses; the second pattern is the standard kerberos principal
matching rule used by the cgi.
> 3) Is there a possibility to make the google-auth factor required for all
> services and not just the ones which
> define it inside the filter.
Not yet. Cosign's current multifactor implementation is service-driven: the
protected service determines how much authentication is required before
granting access. There's work underway to add hooks to the cgi requiring
multifactor authN depending on which user is authenticating.
andrew
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
