I do not see @brandeis.edu anywhere. I think it only shows up when someone
manually types it after their username. Is there a way to configure cosign
such that if it sees @brandeis.edu it will still just check Active
Directory? Basically just ignore the @brandeis.edu?
On Mon, Jul 14, 2014 at 1:42 PM, Liam Hoekenga <li...@umich.edu> wrote:
> Do you see @brandeis.edu show up in the UI? Something's got to be adding
> it before the form is POSTed, otherwise the mysql stuff wouldn't be getting
> invoked.
>
> Liam
>
>
> On Mon, Jul 14, 2014 at 12:57 PM, Michael Ghen <mikeg...@brandeis.edu>
> wrote:
>
>> Thanks again, I appreciate the help. We use AD via LDAP. I'm not sure
>> that we're seeing occurrences of "@brandeis....@brandeis.edu" that was
>> just a hunch. Do you have any other suggestions for things to try?
>>
>>
>> On Mon, Jul 14, 2014 at 11:49 AM, Liam Hoekenga <li...@umich.edu> wrote:
>>
>>> I was mostly thinking that if you wanted to, you could use passwd to
>>> configure usernames containing @brandeis.edu to point at a kerberos
>>> realm instead of the guest system.
>>> Are you using AD via LDAP or kerberos? I believe that "passwd" only
>>> lets you configure kerberos and guest (mysql), so if you're using LDAP or
>>> PAM to actually handle the authentication, it probably wouldn't be useful.
>>>
>>> The @brandeis.edu and the "cannot connect to guest database" are pretty
>>> clearly connected.
>>> The occurrences of "@brandeis....@brandeis.edu" suggest to me that
>>> maybe you've got something in the UI that's updating the form value. An
>>> over-zealous javascript? A default value in the username field of the
>>> login form?
>>>
>>> Liam
>>>
>>>
>>> On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu>
>>> wrote:
>>>
>>>> We use Active Directory.
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu>
>>>> wrote:
>>>>
>>>>> Are you using kerberos on the backend?
>>>>>
>>>>> Liam
>>>>>
>>>>>
>>>>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <mikeg...@brandeis.edu>
>>>>> wrote:
>>>>>
>>>>>> Thanks Liam,
>>>>>>
>>>>>> I am not using the passwd directive. Will using it resolve this issue?
>>>>>>
>>>>>> Mike
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu>
>>>>>> wrote:
>>>>>>
>>>>>>> The man page for cosign.conf explains the "Unable to connect to
>>>>>>> guest account database" error:
>>>>>>>
>>>>>>> The keyword passwd is used to control password based
>>>>>>> authentication of
>>>>>>> a user using the Kerberos and MySQL internal authenticators.
>>>>>>> Where this
>>>>>>> keyword is not specified, usernames containing an ’@’ are
>>>>>>> authenticated
>>>>>>> through mysql, all other usernames are authenticated with
>>>>>>> Kerberos.
>>>>>>>
>>>>>>> Are you using the "passwd" directive in your cosign.conf?
>>>>>>> If so, what do the entries look like?
>>>>>>>
>>>>>>> Liam
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <
>>>>>>> mikeg...@brandeis.edu> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> My name is Mike and I work at Brandeis University where we use
>>>>>>>> Cosign. Recently, we've noticed that when a user enters their username
>>>>>>>> with
>>>>>>>> @brandeis.edu at the end, they recieve this error: "Unable to
>>>>>>>> connect to guest account database."
>>>>>>>>
>>>>>>>> We're trying to remove this error so that user can still sign in
>>>>>>>> but we're unsure about where it is generated. We think that cosign is
>>>>>>>> appending "@brandeis.edu" before it looks up the account which
>>>>>>>> would make the username have "...@brandeis....@brandeis.edu." We
>>>>>>>> could not find anything in the configuration files to suggest that is
>>>>>>>> the
>>>>>>>> case. While we explore other options, I figured I would reach out for
>>>>>>>> help
>>>>>>>> from the Cosign community. If anyone has any suggestions or can offer
>>>>>>>> any
>>>>>>>> guidance, please let me know.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>>
>>>>>>>> Mike
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Want fast and easy access to all the code in your enterprise? Index
>>>>>>>> and
>>>>>>>> search up to 200,000 lines of code with a free copy of Black
>>>>>>>> Duck®
>>>>>>>> Code Sight™ - the same software that powers the world's
>>>>>>>> largest code
>>>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>>>> http://p.sf.net/sfu/bds
>>>>>>>> _______________________________________________
>>>>>>>> Cosign-discuss mailing list
>>>>>>>> Cosign-discuss@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
