On Thu, 4 Dec 2003, Rob Siemborski wrote: > > > The trick is that you need to get the user's kerberos ticket to the web > > > server, which we accomplish via a system known as pubcookie, which has > > > been developed by a few universities. Its sort of like > > > kerberos-via-cookies, though the kerberos ticket passing bit is somewhat > > > disconnected from the main system. > > > > This was the stumbling block in my mental exercises to get this working. > > I'd never heard of pubcookie before :-) > > http://www.pubcookie.org/
An alternative to pubcookie that doesn't rely on domain cookies is cosign. http://weblogin.org/ Like pubcookie, cosign is a part of the Shibboleth Internet 2 Middleware project. Documentation is not as good as pubcookie's but a neat feature of cosign is that (if you choose to allow it) people can create their own accounts (known as "friend accounts"). Mark Montague LS&A Information Technology The University of Michigan [EMAIL PROTECTED]