Authenticate Cyrus off active directory

Mark Montague markmont at
Thu Dec 4 12:56:32 EST 2003

On Thu, 4 Dec 2003, Rob Siemborski wrote:

> > > The trick is that you need to get the user's kerberos ticket to the web
> > > server, which we accomplish via a system known as pubcookie, which has
> > > been developed by a few universities.  Its sort of like
> > > kerberos-via-cookies, though the kerberos ticket passing bit is somewhat
> > > disconnected from the main system.
> >
> > This was the stumbling block in my mental exercises to get this working.
> > I'd never heard of pubcookie before :-)

An alternative to pubcookie that doesn't rely on domain cookies
is cosign.  Like pubcookie, cosign is a
part of the Shibboleth Internet 2 Middleware project.  Documentation
is not as good as pubcookie's but a neat feature of cosign is
that (if you choose to allow it) people can create their own
accounts (known as "friend accounts").

                Mark Montague
                LS&A Information Technology
                The University of Michigan
                markmont at

More information about the Info-cyrus mailing list