forked from cosignweblogin/cosign
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NOTES
executable file
·77 lines (57 loc) · 1.44 KB
/
NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
new os x pkg for 2.0
sourceforge
----
keyword notauth for cosign.conf(5)
----
email addresses can be 256 wes sez
MODULE:
unhappy with cookieparsing in cosign_auth().
unhappy with cookie_valid/read_scookie division.
TODO:
cookie obscuring - post 1.0
CGI:
conf file
COSIGND:
actual load prob is number of cookies
more conf file
4) cert matching
post 1.0
not doing much with cosign-[name]
Protocol:
cosign.cgi:
LOGIN login_cookie ip princ realm "kerberos"
LOGOUT login_cookie ip
REGISTER login_cookie ip service_cookie
CHECK login_cookie
mod_cosign:
CHECK service_cookie
RETRIEVE service_cookie ip tkt
cosignd:
POLL timestamp
everyone:
STARTTLS
NOOP: no op.
QUIT: quit
Misc notes:
-request creds again per service ( during register )
-warning when using sso ( during register )
configuration files:
cosignd: has a list ( in /usr/local/etc/cosign.conf? ) of
services, which tickets they can request.
cosign.cgi: service menu top of site,
top of site policy, name of service for display ( e.g.
"Conferencing on the Web" ), name of service for cookies
minus cosign- ( e.g. "cow" ), is include in service list?.
FILE FORMAT:
cosign=
v1.0
s<0/1>
i141.211.164.2
pcanna
rUMICH.EDU
t<secondssince1970>
[k<path_to_k5_tfile>]
cosign-service=
l<path_to_login_cookie>
conf file:
keyword[ cgi, daemon, service ], hostname[ subject cn ], get_tickets[ 0/1 ]