On Aug 1, 2013, at 12:07 PM, Liam Hoekenga <li...@umich.edu> wrote: > Hey folks - > > I know this might seem like a silly idea, but I don't suppose that > someone's written a PAM module that authenticates using cosign?
It's actually not that far-fetched, given that we've already written the Michigan SSO iPhone app, which wraps cosign authentication in a similar way. It could probably be done fairly quickly with libcurl as the vehicle for authN over https. andrew > > We're using Cosign to be the authentication provider for our shib > installation. One of the shibboleth endpoints (ECP) is for providing > shibboleth based authentication to non-browser based applications. > That endpoint needs to present itself as "Basic Auth". Our cosign > installation primarily authenticates against kerberos, and our LDAP > servers do simple binds against kerberos, so I /could/ protect the ECP > endpoint using mod_auth_kerb or mod_authnz_ldap.. but I was trying to > figure out if I could do something that would authenticate against > cosign itself - so it was backend agnostic (so it would also support > Friend logins). > > I don't want to permit the friend database more broadly that it is > currently, nor do I wish to expose the connection information for the > friend database beyond our cosign servers. So, it seems like the best > tactic would be to authenticate directly against cosign (and PAM came > to mind.. probably for use w/ mod_auth_external..) > > suggestions? > > Liam > > ------------------------------------------------------------------------------ > Get your SQL database under version control now! > Version control is standard for application code, but databases havent > caught up. So what steps can you take to put your SQL databases under > version control? Why should you start doing it? Read more to find out. > http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk > _______________________________________________ > Cosign-discuss mailing list > Cosign-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/cosign-discuss
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
