Do you see @brandeis.edu show up in the UI? Something's got to be adding
it before the form is POSTed, otherwise the mysql stuff wouldn't be getting
invoked.
Liam
On Mon, Jul 14, 2014 at 12:57 PM, Michael Ghen <mikeg...@brandeis.edu>
wrote:
> Thanks again, I appreciate the help. We use AD via LDAP. I'm not sure that
> we're seeing occurrences of "@brandeis....@brandeis.edu" that was just a
> hunch. Do you have any other suggestions for things to try?
>
>
> On Mon, Jul 14, 2014 at 11:49 AM, Liam Hoekenga <li...@umich.edu> wrote:
>
>> I was mostly thinking that if you wanted to, you could use passwd to
>> configure usernames containing @brandeis.edu to point at a kerberos
>> realm instead of the guest system.
>> Are you using AD via LDAP or kerberos? I believe that "passwd" only lets
>> you configure kerberos and guest (mysql), so if you're using LDAP or PAM to
>> actually handle the authentication, it probably wouldn't be useful.
>>
>> The @brandeis.edu and the "cannot connect to guest database" are pretty
>> clearly connected.
>> The occurrences of "@brandeis....@brandeis.edu" suggest to me that maybe
>> you've got something in the UI that's updating the form value. An
>> over-zealous javascript? A default value in the username field of the
>> login form?
>>
>> Liam
>>
>>
>> On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu>
>> wrote:
>>
>>> We use Active Directory.
>>>
>>>
>>> On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu>
>>> wrote:
>>>
>>>> Are you using kerberos on the backend?
>>>>
>>>> Liam
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <mikeg...@brandeis.edu>
>>>> wrote:
>>>>
>>>>> Thanks Liam,
>>>>>
>>>>> I am not using the passwd directive. Will using it resolve this issue?
>>>>>
>>>>> Mike
>>>>>
>>>>>
>>>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu>
>>>>> wrote:
>>>>>
>>>>>> The man page for cosign.conf explains the "Unable to connect to guest
>>>>>> account database" error:
>>>>>>
>>>>>> The keyword passwd is used to control password based
>>>>>> authentication of
>>>>>> a user using the Kerberos and MySQL internal authenticators.
>>>>>> Where this
>>>>>> keyword is not specified, usernames containing an ’@’ are
>>>>>> authenticated
>>>>>> through mysql, all other usernames are authenticated with
>>>>>> Kerberos.
>>>>>>
>>>>>> Are you using the "passwd" directive in your cosign.conf?
>>>>>> If so, what do the entries look like?
>>>>>>
>>>>>> Liam
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <mikeg...@brandeis.edu
>>>>>> > wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> My name is Mike and I work at Brandeis University where we use
>>>>>>> Cosign. Recently, we've noticed that when a user enters their username
>>>>>>> with
>>>>>>> @brandeis.edu at the end, they recieve this error: "Unable to
>>>>>>> connect to guest account database."
>>>>>>>
>>>>>>> We're trying to remove this error so that user can still sign in but
>>>>>>> we're unsure about where it is generated. We think that cosign is
>>>>>>> appending
>>>>>>> "@brandeis.edu" before it looks up the account which would make the
>>>>>>> username have "...@brandeis....@brandeis.edu." We could not find
>>>>>>> anything in the configuration files to suggest that is the case. While
>>>>>>> we
>>>>>>> explore other options, I figured I would reach out for help from the
>>>>>>> Cosign
>>>>>>> community. If anyone has any suggestions or can offer any guidance,
>>>>>>> please
>>>>>>> let me know.
>>>>>>>
>>>>>>> Thank you,
>>>>>>>
>>>>>>> Mike
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Want fast and easy access to all the code in your enterprise? Index
>>>>>>> and
>>>>>>> search up to 200,000 lines of code with a free copy of Black
>>>>>>> Duck®
>>>>>>> Code Sight™ - the same software that powers the world's largest
>>>>>>> code
>>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>>> http://p.sf.net/sfu/bds
>>>>>>> _______________________________________________
>>>>>>> Cosign-discuss mailing list
>>>>>>> Cosign-discuss@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
