Hello,

I'm implementing a second factor and would like to confirm that I'm not
missing something important.

On my cosignhost, I have a second factor configured that simply checks a
group to determine if the user is a member (based on the login provided):

factor /var/cosign/scripts/cosign-validgroup -2 login

Based on my understanding of the docs, this second factor will always be
checked because we'll always have "login" from the posted form.  It
shouldn't matter whether the user is re-directed to the cosignhost (by
visiting CosignProtected content) or if the user visits the cosignhost
directly and logs in.  If that is true, is there any situation where this
factor wouldn't be checked following a successful first factor?

My concern centers around a potentially "misconfigured" client machine, one
with CosignProtected content that doesn't specify the second
CosignRequireFactor (or any CosignRequireFactor for that matter).  Is it
possible for that client to bypass the second factor?  In my limited
testing, the second factor always seems to be processed but I'd appreciate
confirmation.

Matt
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
