[pubcookie-dev] WEBISO CVS update: dors;
webiso/pubcookie/doc config.html,1.17,1.18 install-login.html,1.17,1.18
dors at cac.washington.edu
Tue Feb 10 10:59:52 PST 2004
Update of /usr/local/cvsroot/webiso/pubcookie/doc
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv15116
Modified Files:
config.html install-login.html
Log Message:
More documentation changes:
- added new config variables to config.html:
    keyserver_client_list
    static_user_field
    retain_username_on_failed_authn
    trim_username_to_atsign
- documented new site policies in install-login.html
- inserted "fixme" reminders to look at later
Index: webiso/pubcookie/doc/config.html
diff -c webiso/pubcookie/doc/config.html:1.17 webiso/pubcookie/doc/config.html:1.18
*** webiso/pubcookie/doc/config.html:1.17 Fri Jan 30 15:33:41 2004
--- webiso/pubcookie/doc/config.html Tue Feb 10 10:59:50 2004
***************
*** 87,102 ****
login server and app servers</td> </tr>
<tr>
! <td>keymgt_uri</td><td> string</td><td> the location of the
! "keyserver" CGI.</td> </tr>
<tr>
! <td>keydir</td><td> string</td><td> location of DES keys used for
! encrypting cookies sent to the app server</td>
! </tr>
<tr>
! <td>umask</td><td> string</td><td> umask used when creating files</td>
</tr>
<tr>
--- 87,114 ----
login server and app servers</td> </tr>
<tr>
! <td>keymgt_uri </td>
! <td>string</td>
! <td>The location of the keyserver.</td>
! </tr>
!
! <tr>
! <td>keydir</td>
! <td>string</td>
! <td>The location of DES encryption keys, one for each server.</td>
! </tr>
<tr>
! <td>keyserver_client_list</td>
! <td>list</td>
! <td>The hosts authorized to use the keyclient "permit" option to
! add new servers to the keystore.</td>
! </tr>
<tr>
! <td>umask</td>
! <td> string</td>
! <td> The umask used when creating files.</td>
</tr>
<tr>
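Review bot: The new keyserver_client_list row gives the type as "list" but not the list syntax, how a host is identified, or what happens when the variable is unset. This setting decides which hosts may use the keyclient "permit" option to add servers to the keystore, so the row should state the separator and the default, and say explicitly whether an empty list authorizes no host. In the same hunk, the keydir rewrite drops the old statement that the keys are used for encrypting cookies sent to the app server; keeping that purpose next to "one for each server" would help. Minor: "keymgt_uri </td>" has a stray trailing space, and the umask cells keep leading spaces that the other rewritten rows dropped.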
***************
*** 132,137 ****
--- 144,176 ----
<td>default_l_expire</td>
<td>time</td>
<td>Defines the default duration of a single sign-on session (login cookie expiry). Default: 8 hours.</td>
+ </tr>
+
+ <tr>
+ <td>static_user_field</td>
+ <td>enumerated</td>
+ <td>Defines the site policy on the editability of the userid field on the login page.
+ Policy values are: <tt>never</tt>, which never denies the user to change the userid,
+ even on session reauth; <tt>kind</tt>, which allows the user to change the userid if
+ the login cookie has expired; and <tt>always</tt>, which keeps the userid field static
+ and uneditable whenever there is a userid available in the login cookie (expired or
+ otherwise). Default: <tt>kind</tt>.</td>
+ </tr>
+
+ <tr>
+ <td>retain_username_on_failed_authn</td>
+ <td>int</td>
+ <td>Defines whether the userid is retained on failed authentication attempts. Values:
+ <tt>1</tt> to retain; <tt>0</tt> not to retain. Default: [fixme: we'll find out... i
+ think it's 0]</td>
+ </tr>
+
+ <tr>
+ <td>trim_username_to_atsign</td>
+ <td>int</td>
+ <td>Defines the site policy on verifying userids that have been entered as email addresses
+ (e.g. <i>joe at example.edu</i>). Values: <tt>1</tt>, trims off the realm before verifying;
+ <tt>0</tt>, doesn't trim. Default: <tt>0</tt>. [fixme: 0/1, or off/on??]</td>
</tr>
<tr>
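Review bot: Two "[fixme ...]" reminders sit inside the visible table cells for retain_username_on_failed_authn and trim_username_to_atsign, so the published reference will show an unconfirmed default ("i think it's 0") and an open question about 0/1 versus off/on. Confirm both against the config code and fill them in, or move the reminders into HTML comments so they do not render. The static_user_field wording for never ("never denies the user to change the userid") reads as a double negative; "always lets the user change the userid, even on session reauth" says the same thing more plainly. For trim_username_to_atsign, the row should state whether the trimmed realm is compared against anything, since as written any realm suffix is discarded before verifying.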
Index: webiso/pubcookie/doc/install-login.html
diff -c webiso/pubcookie/doc/install-login.html:1.17 webiso/pubcookie/doc/install-login.html:1.18
*** webiso/pubcookie/doc/install-login.html:1.17 Thu Feb 5 15:02:53 2004
--- webiso/pubcookie/doc/install-login.html Tue Feb 10 10:59:50 2004
***************
*** 35,40 ****
--- 35,41 ----
<li><a href="#ok_browsers">Browser Acceptance Configuration</a></li>
<li><a href="#logout">Logout Configuration</a></li>
<li><a href="#kiosk">Kiosk Configuration</a></li>
+ <li><a href="#policy">Site Policy Configuration</a></li>
<li><a href="#krb5">Kerberos 5 Verifier Configuration</a></li>
<li><a href="#upgrading">Upgrading</a></li>
<li><a href="#advconfig">Advanced Configuration</a></li>
***************
*** 740,745 ****
--- 741,779 ----
but resources and tools, such as the <a href="http://www.microsoft.com/windows/ieak/default.asp">Internet
Explorer Administration Kit</a>, do exist to help with this task.</p>
+ <h4><a name="policy">Site Policy Configuration</a></h4>
+
+ <p>This section highlights some of the possible site policies you can
+ define in your config file. These options may be overlooked, but they
+ can enhance the user experience and shape the security policy of your
+ login server.</p>
+
+ <ul>
+
+ <li><p>Use <tt>default_l_expire</tt> to define your default single sign-on
+ duration.</p></li>
+
+ <li><p>Use <tt>static_user_field</tt> to define the editability of the
+ userid field during a single browsing session. You may want to allow
+ some flexibility or force users to close the browser before switching
+ between users.</p>
+
+ <li>Use the <tt>retain_username_on_failed_authn</tt> to define whether
+ the userid is retained after a failed login attempt. Users will
+ appreciate this if they mistyped their password, not their userid.</p></li>
+
+ <li><p>Use <tt>trim_username_to_atsign</tt> to define whether users can
+ enter a userid that looks like an email address. Sites that aren't
+ verifying full Kerberos principals (e.g. <i>joe at example.edu</i>) or
+ userids that look like email addresses can use this feature to provide
+ some flexibility in this regard, i.e., to trim off the extra realm info
+ the user added and verify just the proper userid.</p></li>
+
+ </ul>
+
+ <p>Refer to the <a href="config.html">config file reference</a> to review
+ these variables and the values they take.</p>
+
<h4><a name="krb5">Kerberos 5 Verifier Configuration</a></h4>
<p>To build the login cgi with support for the Kerberos 5 verifier,
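Review bot: The list markup in the new policy section is unbalanced. The static_user_field item opens with "<li><p>" and ends with "</p>" but has no closing "</li>", and the following retain_username_on_failed_authn item opens with a bare "<li>" yet closes with "</p></li>". Make both items match the "<li><p> ... </p></li>" form used by the default_l_expire and trim_username_to_atsign items. Minor wording: "Use the <tt>retain_username_on_failed_authn</tt>" has a stray "the" that the other three items do not.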
***************
*** 904,910 ****
See doc/LICENSE.txt for terms of use.
</p>
<pre>
! $Id: install-login.html,v 1.17 2004/02/05 23:02:53 dors Exp $
</pre>
</body>
--- 938,944 ----
See doc/LICENSE.txt for terms of use.
</p>
<pre>
! $Id: install-login.html,v 1.18 2004/02/10 18:59:50 dors Exp $
</pre>
</body>