Mark Montague wrote:
> On October 16, 2011 19:17 , J LANCE WILKINSON <jl...@psu.edu> wrote:
>> I have a directory that I want to protect access to.
>>
>> For my local staff, I want that protection to be by CoSign.
>>
>> For non-local staff, I want that protection to be by standard Apache BASIC
>> authentication using
>>
>>     AuthType Basic
>>     AuthName "Restricted Files"
>>     AuthUserFile /passwd/passwords
>>     Require valid-user
>
> Why do you want to mix cosign and basic auth? You're basically throwing
> away single-sign-on and all the other benefits of cosign and getting
> into the business of storing and managing passwords (which is bad).

Why? Just made sense to me:

1) We have a small deployment utilities site that I can lock down for
   those of us who are part of our local institution (maybe 6
   individuals) using CoSign.

2) That deployment utilities site I want to make available for fellow
   developers at other institutions, but only after they have submitted
   to a vetting process under the control of those individuals cited
   in (1).

>
> Have you considered using cosign/Friend accounts for the non-local
> staff? If your institution does not support the Friend (guest) account
> system with cosign, can your institution create local IDs (Kerberos
> principals, LDAP entries, or whatever) for your non-local staff?

They (those who run the CoSign installation for the institution) don't
offer cosign/Friend here. I have no control over what kind of CoSign
services are offered except my own services.

They (as defined earlier) do offer a "Friends" registration that would
work with CoSign, however I have no control over the vetting operation
for that access. So I'm still saddled with maintaining my own separately
vetted list. If I'm going to do that, and automate it in any reasonable
manner, I figured that setting up basic authentication might be the
simplest method of doing it.

I've backed off the idea of allowing both CoSign and Basic
authentication now in fact, opting to go with strictly Basic and forcing
those individuals cited in (1) above to also go thru the vetting process
(trivial, but does require personal experience between the vettee and
the vettor to activate).
--
J.Lance Wilkinson ("Lance")         InterNet: lance.wilkin...@psu.edu
Systems Design Specialist - Lead    Phone: (814) 865-4870
Digital Library Technologies        FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss