Thanks again, I appreciate the help. We use AD via LDAP. I'm not sure that
we're seeing occurrences of "@brandeis....@brandeis.edu" that was just a
hunch. Do you have any other suggestions for things to try?
On Mon, Jul 14, 2014 at 11:49 AM, Liam Hoekenga <li...@umich.edu> wrote:
> I was mostly thinking that if you wanted to, you could use passwd to
> configure usernames containing @brandeis.edu to point at a kerberos realm
> instead of the guest system.
> Are you using AD via LDAP or kerberos? I believe that "passwd" only lets
> you configure kerberos and guest (mysql), so if you're using LDAP or PAM to
> actually handle the authentication, it probably wouldn't be useful.
>
> The @brandeis.edu and the "cannot connect to guest database" are pretty
> clearly connected.
> The occurrences of "@brandeis....@brandeis.edu" suggest to me that maybe
> you've got something in the UI that's updating the form value. An
> over-zealous javascript? A default value in the username field of the
> login form?
>
> Liam
>
>
> On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu>
> wrote:
>
>> We use Active Directory.
>>
>>
>> On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu> wrote:
>>
>>> Are you using kerberos on the backend?
>>>
>>> Liam
>>>
>>>
>>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <mikeg...@brandeis.edu>
>>> wrote:
>>>
>>>> Thanks Liam,
>>>>
>>>> I am not using the passwd directive. Will using it resolve this issue?
>>>>
>>>> Mike
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu>
>>>> wrote:
>>>>
>>>>> The man page for cosign.conf explains the "Unable to connect to guest
>>>>> account database" error:
>>>>>
>>>>> The keyword passwd is used to control password based
>>>>> authentication of
>>>>> a user using the Kerberos and MySQL internal authenticators.
>>>>> Where this
>>>>> keyword is not specified, usernames containing an ’@’ are
>>>>> authenticated
>>>>> through mysql, all other usernames are authenticated with
>>>>> Kerberos.
>>>>>
>>>>> Are you using the "passwd" directive in your cosign.conf?
>>>>> If so, what do the entries look like?
>>>>>
>>>>> Liam
>>>>>
>>>>>
>>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <mikeg...@brandeis.edu>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> My name is Mike and I work at Brandeis University where we use
>>>>>> Cosign. Recently, we've noticed that when a user enters their username
>>>>>> with
>>>>>> @brandeis.edu at the end, they recieve this error: "Unable to
>>>>>> connect to guest account database."
>>>>>>
>>>>>> We're trying to remove this error so that user can still sign in but
>>>>>> we're unsure about where it is generated. We think that cosign is
>>>>>> appending
>>>>>> "@brandeis.edu" before it looks up the account which would make the
>>>>>> username have "...@brandeis....@brandeis.edu." We could not find
>>>>>> anything in the configuration files to suggest that is the case. While we
>>>>>> explore other options, I figured I would reach out for help from the
>>>>>> Cosign
>>>>>> community. If anyone has any suggestions or can offer any guidance,
>>>>>> please
>>>>>> let me know.
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Mike
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Want fast and easy access to all the code in your enterprise? Index
>>>>>> and
>>>>>> search up to 200,000 lines of code with a free copy of Black
>>>>>> Duck®
>>>>>> Code Sight™ - the same software that powers the world's largest
>>>>>> code
>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>> http://p.sf.net/sfu/bds
>>>>>> _______________________________________________
>>>>>> Cosign-discuss mailing list
>>>>>> Cosign-discuss@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
