-----Original Message-----
From: Mark Montague [mailto:[email protected]]
Sent: Thursday, June 21, 2012 3:46 PM
To: [email protected]; James Yerge
Subject: Re: [Cosign-discuss] Authentication Help

On June 21, 2012 11:46, James Yerge <[email protected]> wrote:
> First what I'm attempting to do is authenticate to a cosign server
> (preferably using the cosignd protocol) via PHP using a simple factor
> I created. The factor is a small shell script that checks the values
> of username and password fields, which is post data, e.g.
> username=admin&password=admin. My intent is to simply verify that the
> username and password provided are allowed to log in. I've
> successfully done this using the cURL extension in PHP.
>
> Is it possible to perform authentication by talking directly to the
> cosignd protocol? My suspicion is no, but I'm probably wrong - it
> appears that the CGI executes the factor(s), not cosignd.
>

A very important design consideration with cosign is that a web server that uses cosign be able to be compromised without affecting the security of the organization's other cosign-protected web servers. To achieve this, it is important that passwords not be accepted by the individual web servers, where they could be captured by someone who breaks in and re-used on other web servers.

What is the situation that makes you want to authenticate users via the cosignd protocol? If you can share both the requirements and why you have those particular requirements, we may be able to suggest a different architecture that accomplishes the same business goals.

--
Mark Montague
[email protected]

Understood. If it's safer to simply use cURL without speaking directly to the cosign daemon, then that's acceptable.

As for the requirements, all I need to know is if the user/pass combination authenticates successfully to the configured cosign service. What I'm attempting to accomplish is to integrate a new authentication type into our product which interfaces with cosign using the credentials provided via our application. We support LDAP and our own authentication methods of logging in. The task of implementing this functionality was assigned to me.
If this needs more clarity, let me know.

Thanks,
James

_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
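Mark's design point above (a compromised application server must not be able to harm the organization's other cosign-protected servers) is easier to see with a toy model of the two architectures in the thread. The following is an added example, not code from the thread or from the cosign project: it models a "proxy" design, where the application accepts the user's password and forwards it to the login service (the shape of the cURL approach James describes), next to a cosign-shaped design, where the password goes only to a central login server and the application only ever sees a ticket bound to its own service name. The class names, the `LoginServer.login`/`check` methods and the sample user database are all hypothetical and simplified; real cosign service cookies, the login CGI and cosignd's commands are not modelled.

```python
import hmac
import secrets

# Constructed sample user database. A real login server would store password
# hashes; plaintext is used here only to keep the model short.
USERS = {"alice": "correct horse battery staple"}


class LoginServer:
    """Central login service (hypothetical stand-in for cosign's login server + cosignd).

    The browser sends the password only here. A successful login yields a random
    ticket that is recorded as valid for exactly one service name.
    """

    def __init__(self, users):
        self._users = users
        self._tickets = {}  # ticket -> (username, service it was issued for)

    def login(self, username, password, service):
        expected = self._users.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        ticket = secrets.token_urlsafe(24)
        self._tickets[ticket] = (username, service)
        return ticket

    def check(self, ticket, service):
        """Validate a ticket on behalf of `service`; None if unknown or issued to another service."""
        rec = self._tickets.get(ticket)
        if rec is None or rec[1] != service:
            return None
        return rec[0]


class ProxyAppServer:
    """Design the thread warns against: the app accepts the password and forwards it."""

    def __init__(self, name, login_server):
        self.name = name
        self.login_server = login_server
        self.seen = []  # everything an intruder on this host could recover from the request path

    def handle_login(self, username, password):
        self.seen.append((username, password))
        return self.login_server.login(username, password, self.name) is not None


class CosignStyleAppServer:
    """Cosign-shaped design: the app never receives the password, only a service-bound ticket."""

    def __init__(self, name, login_server):
        self.name = name
        self.login_server = login_server
        self.seen = []  # only tickets ever pass through this host

    def handle_request(self, ticket):
        self.seen.append(ticket)
        return self.login_server.check(ticket, self.name)


def compromise_spreads_proxy():
    """True if material captured on a compromised proxy-style server also logs into a second service."""
    ls = LoginServer(USERS)
    compromised = ProxyAppServer("wiki", ls)
    other = ProxyAppServer("payroll", ls)
    compromised.handle_login("alice", USERS["alice"])  # legitimate user logs in via the app
    username, password = compromised.seen[0]           # intruder on "wiki" reads the password
    return other.handle_login(username, password)      # ... and it works against "payroll"


def compromise_spreads_cosign():
    """True if a ticket captured on a compromised cosign-style server is accepted by a second service."""
    ls = LoginServer(USERS)
    compromised = CosignStyleAppServer("wiki", ls)
    other = CosignStyleAppServer("payroll", ls)
    ticket = ls.login("alice", USERS["alice"], "wiki")  # password goes to the login server only
    compromised.handle_request(ticket)                  # "wiki" validates its own ticket
    stolen = compromised.seen[0]                        # intruder on "wiki" captures the ticket
    return other.handle_request(stolen) is not None     # rejected: ticket is bound to "wiki"


if __name__ == "__main__":
    print("proxy design, compromise spreads:", compromise_spreads_proxy())
    print("cosign-style design, compromise spreads:", compromise_spreads_cosign())
```

The difference is entirely in what the application host ever holds: in the proxy design the captured credential is the user's reusable password, so one broken server is a foothold on every service that accepts that password; in the central-login design the only thing a broken server can capture is a ticket that the login service will refuse for any other service name, which is the property Mark describes.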
