There is an LDAP factor. We're looking for a solution that doesn't involve
adding javascript on top of the login web page.
On Mon, Jul 14, 2014 at 1:54 PM, Liam Hoekenga <li...@umich.edu> wrote:
> I think you could strip it out using javascript.
>
> Did you write an LDAP factor? Are you using PAM?
>
> Liam
>
>
> On Mon, Jul 14, 2014 at 1:50 PM, Michael Ghen <mikeg...@brandeis.edu>
> wrote:
>
>> I do not see @brandeis.edu anywhere. I think it only shows up when
>> someone manually types it after their username. Is there a way to configure
>> cosign such that if it sees @brandeis.edu it will still just check
>> Active Directory? Basically just ignore the @brandeis.edu?
>>
>>
>> On Mon, Jul 14, 2014 at 1:42 PM, Liam Hoekenga <li...@umich.edu> wrote:
>>
>>> Do you see @brandeis.edu show up in the UI? Something's got to be
>>> adding it before the form is POSTed, otherwise the mysql stuff wouldn't be
>>> getting invoked.
>>>
>>> Liam
>>>
>>>
>>> On Mon, Jul 14, 2014 at 12:57 PM, Michael Ghen <mikeg...@brandeis.edu>
>>> wrote:
>>>
>>>> Thanks again, I appreciate the help. We use AD via LDAP. I'm not sure
>>>> that we're seeing occurrences of "@brandeis....@brandeis.edu" that was
>>>> just a hunch. Do you have any other suggestions for things to try?
>>>>
>>>>
>>>> On Mon, Jul 14, 2014 at 11:49 AM, Liam Hoekenga <li...@umich.edu>
>>>> wrote:
>>>>
>>>>> I was mostly thinking that if you wanted to, you could use passwd to
>>>>> configure usernames containing @brandeis.edu to point at a kerberos
>>>>> realm instead of the guest system.
>>>>> Are you using AD via LDAP or kerberos? I believe that "passwd" only
>>>>> lets you configure kerberos and guest (mysql), so if you're using LDAP or
>>>>> PAM to actually handle the authentication, it probably wouldn't be useful.
>>>>>
>>>>> The @brandeis.edu and the "cannot connect to guest database" are
>>>>> pretty clearly connected.
>>>>> The occurrences of "@brandeis....@brandeis.edu" suggest to me that
>>>>> maybe you've got something in the UI that's updating the form value. An
>>>>> over-zealous javascript? A default value in the username field of the
>>>>> login form?
>>>>>
>>>>> Liam
>>>>>
>>>>>
>>>>> On Mon, Jul 14, 2014 at 11:39 AM, Michael Ghen <mikeg...@brandeis.edu>
>>>>> wrote:
>>>>>
>>>>>> We use Active Directory.
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 14, 2014 at 11:35 AM, Liam Hoekenga <li...@umich.edu>
>>>>>> wrote:
>>>>>>
>>>>>>> Are you using kerberos on the backend?
>>>>>>>
>>>>>>> Liam
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Jul 14, 2014 at 11:34 AM, Michael Ghen <
>>>>>>> mikeg...@brandeis.edu> wrote:
>>>>>>>
>>>>>>>> Thanks Liam,
>>>>>>>>
>>>>>>>> I am not using the passwd directive. Will using it resolve this
>>>>>>>> issue?
>>>>>>>>
>>>>>>>> Mike
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 14, 2014 at 11:22 AM, Liam Hoekenga <li...@umich.edu>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> The man page for cosign.conf explains the "Unable to connect to
>>>>>>>>> guest account database" error:
>>>>>>>>>
>>>>>>>>> The keyword passwd is used to control password based
>>>>>>>>> authentication of
>>>>>>>>> a user using the Kerberos and MySQL internal
>>>>>>>>> authenticators. Where this
>>>>>>>>> keyword is not specified, usernames containing an ’@’ are
>>>>>>>>> authenticated
>>>>>>>>> through mysql, all other usernames are authenticated with
>>>>>>>>> Kerberos.
>>>>>>>>>
>>>>>>>>> Are you using the "passwd" directive in your cosign.conf?
>>>>>>>>> If so, what do the entries look like?
>>>>>>>>>
>>>>>>>>> Liam
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Jul 14, 2014 at 10:06 AM, Michael Ghen <
>>>>>>>>> mikeg...@brandeis.edu> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> My name is Mike and I work at Brandeis University where we use
>>>>>>>>>> Cosign. Recently, we've noticed that when a user enters their
>>>>>>>>>> username with
>>>>>>>>>> @brandeis.edu at the end, they recieve this error: "Unable to
>>>>>>>>>> connect to guest account database."
>>>>>>>>>>
>>>>>>>>>> We're trying to remove this error so that user can still sign in
>>>>>>>>>> but we're unsure about where it is generated. We think that cosign is
>>>>>>>>>> appending "@brandeis.edu" before it looks up the account which
>>>>>>>>>> would make the username have "...@brandeis....@brandeis.edu." We
>>>>>>>>>> could not find anything in the configuration files to suggest that
>>>>>>>>>> is the
>>>>>>>>>> case. While we explore other options, I figured I would reach out
>>>>>>>>>> for help
>>>>>>>>>> from the Cosign community. If anyone has any suggestions or can
>>>>>>>>>> offer any
>>>>>>>>>> guidance, please let me know.
>>>>>>>>>>
>>>>>>>>>> Thank you,
>>>>>>>>>>
>>>>>>>>>> Mike
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>> Want fast and easy access to all the code in your enterprise?
>>>>>>>>>> Index and
>>>>>>>>>> search up to 200,000 lines of code with a free copy of Black
>>>>>>>>>> Duck®
>>>>>>>>>> Code Sight™ - the same software that powers the world's
>>>>>>>>>> largest code
>>>>>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>>>>>> http://p.sf.net/sfu/bds
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Cosign-discuss mailing list
>>>>>>>>>> Cosign-discuss@lists.sourceforge.net
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
