Hey folks - I know this might seem like a silly idea, but I don't suppose that someone's written a PAM module that authenticates using cosign?
We're using Cosign to be the authentication provider for our shib installation. One of the shibboleth endpoints (ECP) is for providing shibboleth based authentication to non-browser based applications. That endpoint needs to present itself as "Basic Auth". Our cosign installation primarily authenticates against kerberos, and our LDAP servers do simple binds against kerberos, so I /could/ protect the ECP endpoint using mod_auth_kerb or mod_authnz_ldap.. but I was trying to figure out if I could do something that would authenticate against cosign itself - so it was backend agnostic (so it would also support Friend logins). I don't want to permit the friend database more broadly that it is currently, nor do I wish to expose the connection information for the friend database beyond our cosign servers. So, it seems like the best tactic would be to authenticate directly against cosign (and PAM came to mind.. probably for use w/ mod_auth_external..) suggestions? Liam ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
