>
> > 1) Is there any way to bypass the logout verification screen? I really
> don't need verification when I redirect
> > the user from a service logout script to central logout.
>
> Not at the moment, no. Please file a feature request on the cosign tracker:
>
> http://p.sf.net/cosign/tracker
Thank you. I implemented it by myself. I will send a patch when it's ready.
> > 2) I haven't already tried (because my setup is not ready) but is it
> possible to authenticate against kerberos
> > using email-addresses? I don't need the friend feature. But I expect the
> friend factor to steal the credentials
> > if login is an email-address.
>
> Yes. Use the "passwd" keyword in your cosign.conf:
>
> passwd kerberos (.+)@.+ $1 MY.KRB5.REALM
> passwd kerberos ([^@]+) $1 MY.KRB5.REALM
>
> The top pattern should cause the cgi to extract krb5 principal names from
> e-mail addresses; the second pattern is the standard kerberos principal
> matching rule used by the cgi.
OK, this is cool, will use that, thanks.
>
> 3) Is there a possibility to make the google-auth factor required for all
> services and not just the ones which
> > define it inside the filter.
>
> Not yet. Cosign's current multifactor implementation is service-driven:
> the protected service determines how much authentication is required before
> granting access. There's work underway to add hooks to the cgi requiring
> multifactor authN depending on which user is authenticating.
>
Yeah, this would be cool. Luckily the cosign code is more or less
understandable so I can hack such features by myself until they made it
into master.
Florian
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
