I won't repeat anything Wes has said.  Please read his message.  Also, 
note that I just run the production cosign servers for the University of 
Michigan, I'm not one of the cosign developers/maintainers.


On Thu, Feb 26, 2009 8:37 PM, Bob Radvanovsky <rsrad...@unixworks.net> 
wrote:
> (2) I have Red Hat Enterprise Linux 5.3 loaded on it WITH EVERYTHING LOADED.  
> I chose the "Use Everything" option.
> (3) I have downloaded OpenSSL 0.9.8. configured, compiled and installed.
> (4) I have downloaded Apache 2.0.63, configured, compiled and installed.
>   

If you are using RHEL 5.3, why are you not using the default versions of 
OpenSSL and Apache HTTPD that Red Hat installs by default when you 
select "Web server" on the "Package Selection" screen during 
installation?  It's possible and supported to do what you're doing, but 
it increases the number of things you have to get right for everything 
to work properly.

> There are MULTIPLE instructions for installing this software.  There are 
> multiple methods for utilizing whatever path you choose.
>   

Yes.  That's called flexibility.  There is no one-size-fits-all 
configuration.  Still, while I think the various instructions can be 
explained more and generally improved (as Trek has said), all of the 
sets of instructions have the same basic steps.  If you're confused and 
just want a single set of instructions, the README (for setting up the 
filters) and README.weblogin (for setting up the central weblogin 
servers) files that are included with the distributions are the 
authoritative references.

> If I understand this correctly, this is to be the "front door" for a portal 
> server that, based on the user's ID and password, and based upon their rights 
> granted, would grant them permissions of various levels of applications based 
> from their login ID and password authentication.  Right?
>   

cosign is a web single-sign-on solution for an enterprise environment.  
While it can be used to provide authentication for a web server that 
runs portlets (just as it can be used to provide authentication for most 
web servers), cosign has no special support for portal APIs.  Note that 
an assumption behind cosign is that you'll have enough web servers to 
protect that setting up and maintaining a central weblogin server is a 
relatively small marginal cost.

Finally, cosign merely makes sure people are who they say they are.  It 
does not deal in permissions (authorization) -- you can use whatever 
authorization solution you want in conjunction with cosign.  Depending 
on your needs, you may choose LDAP (e.g., mod_authnz_ldap for Apache 
HTTPD), a global database (MySQL or Oracle), one or more 
web-application-specific databases, Unix groups (via PAM or NIS+), or so on.

                Mark Montague
                ITCS Web/Database Team
                The University of Michigan
                markm...@umich.edu



_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
