Mark Montague wrote:
> On November 29, 2011 16:28 , "J.Lance Wilkinson" <[email protected]> wrote:
>> I guess I'm confused that something which SEEMS as commonly needed as
>> this kind
>> of feature would be, that there wouldn't be a cut/paste cookbook to
>> implement
>> it. Every example in these discussions (and I see there are a few)
>> differ in
>> details and I've tried to model every one of them with no luck.
>
>
> I think what you are trying to do is really neat, and I agree that it
> can be useful. I've never needed to do it, though, because I've been
> lazy and lucky and have always been able to configure my web
> applications to use cosign for authenticating users and to use something
> else (a client-side SSL certificate, or a "trusted" IP address) to
> authenticate scripts. The "Satisfy any" directive for Apache HTTP
> Server is useful for this.
> Hopefully someone else -- someone who has written a script that
> authenticates by emulating a web browser -- will be able to help with
> the question you actually asked.
>
> The overall flow should be:
... 4 steps clearly laying out what I need to do ...
>
> I suspect that, from what you described, you are not performing steps
> 3b-3e, all of which should be performed by the third curl command you
> listed. Try to get a better idea of what the third curl command is or
> is not doing; the -v or --head options may be useful for this if the -w
> you already have is not showing you what's happening.
I'm beginning to suspect that my problem now is a scripting issue
-- because when I MANUALLY execute the commands from my script, the
same commands I originally cited in my post, and they coincide with
your 4 steps precisely, I think, I DO get thru to the application on
the POST -- enough to be refused BY THE REMOTE APPLICATION because of
an *authorization error* -- so I know the CoSign *authentication* IS
suceeding or I wouldn't be getting that far. The CoSign authentication
fails when I execute them together in my script, however.
> Again, I recommend using a different type of authentication for scripts,
> such as client-side SSL certificates, if this is possible in your case.
I'm not familiar of a way to set up authentication/authorization in
Apache HTTPD, which is running the NAGIOS GUI I'm trying to work with
that is already COSIGN protected, such that APACHE would do the
client-side SSL authentication. I suspect it would require that
the NAGIOS GUI cgi script(s) effect the client-side SSL stuff, would
it not? And I don't have the resources/permissions to change it;
wouldn't really want those anyway as I don't want to un-standardize
it...
--
J.Lance Wilkinson ("Lance") InterNet: [email protected]
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
