Authenticate Cyrus off active directory
Mark Montague
markmont at umich.edu
Thu Dec 4 12:56:32 EST 2003
On Thu, 4 Dec 2003, Rob Siemborski wrote:
> > > The trick is that you need to get the user's kerberos ticket to the web
> > > server, which we accomplish via a system known as pubcookie, which has
> > > been developed by a few universities. Its sort of like
> > > kerberos-via-cookies, though the kerberos ticket passing bit is somewhat
> > > disconnected from the main system.
> >
> > This was the stumbling block in my mental exercises to get this working.
> > I'd never heard of pubcookie before :-)
>
> http://www.pubcookie.org/
An alternative to pubcookie that doesn't rely on domain cookies
is cosign. http://weblogin.org/ Like pubcookie, cosign is a
part of the Shibboleth Internet 2 Middleware project. Documentation
is not as good as pubcookie's but a neat feature of cosign is
that (if you choose to allow it) people can create their own
accounts (known as "friend accounts").
Mark Montague
LS&A Information Technology
The University of Michigan
markmont at umich.edu
More information about the Info-cyrus
mailing list