I was mostly thinking that if you wanted to, you could use passwd to
configure usernames containing @brandeis.edu to point at a kerberos realm
instead of the guest system.
Are you using AD via LDAP or kerberos? I believe that "passwd" only lets
you configure kerberos and guest (mysql), so if you're using LDAP or PAM to
actually handle the authentication, it probably wouldn't be useful.
The @brandeis.edu and the "cannot connect to guest database" are pretty
clearly connected.
The occurrences of "@brandeis....@brandeis.edu" suggest to me that maybe
you've got something in the UI that's updating the form value. An
over-zealous javascript? A default value in the username field of the
login form?
Liam
On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu>
wrote:
> We use Active Directory.
>
>
> On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu> wrote:
>
>> Are you using kerberos on the backend?
>>
>> Liam
>>
>>
>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <mikeg...@brandeis.edu>
>> wrote:
>>
>>> Thanks Liam,
>>>
>>> I am not using the passwd directive. Will using it resolve this issue?
>>>
>>> Mike
>>>
>>>
>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu> wrote:
>>>
>>>> The man page for cosign.conf explains the "Unable to connect to guest
>>>> account database" error:
>>>>
>>>> The keyword passwd is used to control password based
>>>> authentication of
>>>> a user using the Kerberos and MySQL internal authenticators.
>>>> Where this
>>>> keyword is not specified, usernames containing an ’@’ are
>>>> authenticated
>>>> through mysql, all other usernames are authenticated with
>>>> Kerberos.
>>>>
>>>> Are you using the "passwd" directive in your cosign.conf?
>>>> If so, what do the entries look like?
>>>>
>>>> Liam
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <mikeg...@brandeis.edu>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> My name is Mike and I work at Brandeis University where we use Cosign.
>>>>> Recently, we've noticed that when a user enters their username with @
>>>>> brandeis.edu at the end, they recieve this error: "Unable to connect
>>>>> to guest account database."
>>>>>
>>>>> We're trying to remove this error so that user can still sign in but
>>>>> we're unsure about where it is generated. We think that cosign is
>>>>> appending
>>>>> "@brandeis.edu" before it looks up the account which would make the
>>>>> username have "...@brandeis....@brandeis.edu." We could not find
>>>>> anything in the configuration files to suggest that is the case. While we
>>>>> explore other options, I figured I would reach out for help from the
>>>>> Cosign
>>>>> community. If anyone has any suggestions or can offer any guidance, please
>>>>> let me know.
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Mike
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Want fast and easy access to all the code in your enterprise? Index and
>>>>> search up to 200,000 lines of code with a free copy of Black Duck®
>>>>> Code Sight™ - the same software that powers the world's largest
>>>>> code
>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>> http://p.sf.net/sfu/bds
>>>>> _______________________________________________
>>>>> Cosign-discuss mailing list
>>>>> Cosign-discuss@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
