Mark Montague wrote:
> On October 16, 2011 19:17 , J LANCE WILKINSON <jl...@psu.edu> wrote:
>> I have a directory that I want to protect access to.
>>
>> For my local staff, I want that protection to be by CoSign.
>>
>> For non-local staff, I want that protection to be by standard Apache BASIC
>> authentication using
>>
>>         AuthType Basic
>>         AuthName "Restricted Files"
>>         AuthUserFile /passwd/passwords
>>         Require valid-user
> 
> Why do you want to mix cosign and basic auth?  You're basically throwing 
> away single-sign-on and all the other benefits of cosign and getting 
> into the business of storing and managing passwords (which is bad).

        Why?   Just made sense to me:
        1) We have a small deployment utilities site that I can lock down
                for those of us who are part of our local institution
                (maybe 6 individuals) using CoSign.
        2) That deployment utilities site I want to make available for
                fellow developers at other institutions, but only after
                they have submitted to a vetting process under the control
                of those individuals cited in (1).
> 
> Have you considered using cosign/Friend accounts for the non-local 
> staff?  If your institution does not support the Friend (guest) account 
> system with cosign, can your institution create local IDs (Kerberos 
> principals, LDAP entries, or whatever) for your non-local staff?

        They (those who run the CoSign installation for the institution)
        don't offer cosign/Friend here.  I have no control over what
        kind of CoSign services are offered except my own services.
        They (as defined earlier) do offer a "Friends" registration
        that would work with CoSign, however I have no control over the
        vetting operation for that access.   So I'm still saddled with
        maintaining my own separately vetted list.  If I'm going to do
        that, and automate it in any reasonable manner, I figured that
        setting up basic authentication might be the simplest method
        of doing it.

        I've backed off the idea of allowing both CoSign and Basic
        authentication now in fact, opting to go with strictly Basic
        and forcing those individuals cited in (1) above to also go thru
        the vetting process (trivial, but does require personal experience
        between the vettee and the vettor to activate).

-- 
J.Lance Wilkinson ("Lance")             InterNet: lance.wilkin...@psu.edu
Systems Design Specialist - Lead        Phone: (814) 865-4870
Digital Library Technologies            FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
