Cosign is firmly tied to using a login & password against a Kerberos realm.
You would not be able to use a keytab or existing Kerberos ticket to
authenticate. The cookies are just random strings used to reference data
stored on the Cosign servers. They do not contain data, nor are they
derived from data.
On Sat, Nov 25, 2017 at 7:20 PM, Chris Hecker <chec...@d6.com> wrote:
>
> I'm hoping the answer is 'no' for my current application, but is there a
> way for a user with a valid krb5 account on the kdc and a keytab file (or
> TGT) for that account to log into cosign without knowing the password used
> to make the key? In other words, there's no way to skip the plaintext
> password entry and pass a key or a TGT directly to cosign, right?
>
> Or, would it be possible to set the cookies correctly manually if the user
> has the key and/or a TGT for the key? It doesn't seem like it from looking
> at the code because then the corresponding cookie file wouldn't exist in
> the /var/cosign/daemon directory, but I wanted to make sure.
>
> Thanks,
> Chris
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
