NAME

cosign - The cosign component

DESCRIPTION

Component to configure/start/stop the Cosign Service.

RESOURCES

path

The path to the web server installation directory, defaults to /var/cosign/httpd.

root

The document root of the Cosign webserver, defaults to path/htdocs.

port

The port the web server should run on, defaults to 80.

user

The user the web server and cosign daemon should run as, defaults to cosign.

group

The group the web server and cosign daemon should run as, defaults to cosign.

mail

The mail address of the web server admin, defaults to root@localhost.

httpd_libpath

The directory path of the apache modules, defaults to /usr/lib/apache.

allow_access

The access allow line for the Cosign directory.

server

The fully qualified hostname of the server.

cgiserver

The fully qualified hostname of the login CGI server.

replica

The fully qualified hostname of a server to replicate to. This will enable the monster process to do replication and clearout.

logouturl

The cosign url for logout, defaults to http://SERVER/.

loopurl

The cosign url on looping, defaults to http://SERVER/looping.html.

timeout

The cosign connection timeout, defaults to 300 seconds.

cosignd_port

The cosign daemon port, defaults to 6663.

kx509
 
If set to anything other than empty, enables KX509 support on the server so that it will transparently issue tickets if a suitable X509 certificate is presented.

ssl_issuer

When KX509 is enabled this is the httpd configuration AuthSSLIssuer line.

clients
 
A list of client names. There must be at least one with a role of cgi and corresponding to the server name. The following resources can be specified for each entry in the list. See the cosignd manpage for more information.

role_TAG

Role of client which can be cgi or service.

cn_TAG

Subject CN of client, normally fully qualified server name.

flags_TAG

Flags for the client.

proxy_TAG

Reference to proxy configuration file for the client if the flags indicate proxying - these are not currently configurable via this component.

services
 
A space separated list of services a client wants to use the cosign server to authenticate against. It is used on the cosign server via an LCFG spanning map. Because of spanning map limitations each service is an encoded group with the syntax role/cn/flags/proxy where each part is as described above for the clients resource and as in the cosignd manpage.
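The following is an added example, not part of the component or its original documentation: a small checker that decodes a services value in the role/cn/flags/proxy syntax and applies the rule stated for the clients resource (at least one cgi entry matching the server name). The hostnames, the FLAGS placeholder, the function names and the choice to split on only the first three "/" characters are assumptions made for illustration.

```python
from typing import NamedTuple

VALID_ROLES = {"cgi", "service"}  # the two roles the page lists for role_TAG


class Service(NamedTuple):
    role: str
    cn: str
    flags: str
    proxy: str


def parse_services(value: str) -> list[Service]:
    """Decode a space separated list of role/cn/flags/proxy groups."""
    entries = []
    for group in value.split():
        # Assumption: split on the first three "/" only, so a proxy file
        # reference that itself contains "/" stays in one piece.
        parts = group.split("/", 3)
        if len(parts) != 4:
            raise ValueError(f"{group!r}: expected role/cn/flags/proxy")
        entry = Service(*parts)
        if entry.role not in VALID_ROLES:
            raise ValueError(f"{group!r}: role must be cgi or service")
        if not entry.cn:
            raise ValueError(f"{group!r}: empty cn")
        entries.append(entry)
    return entries


def has_cgi_for(entries: list[Service], server: str) -> bool:
    """True if some entry has role cgi and a cn equal to the server name."""
    return any(e.role == "cgi" and e.cn == server for e in entries)


# Constructed sample value; hostnames and FLAGS are placeholders.
SAMPLE = "cgi/login.example.org// service/wiki.example.org/FLAGS/"

if __name__ == "__main__":
    decoded = parse_services(SAMPLE)
    for e in decoded:
        print(e)
    print("cgi entry for server:", has_cgi_for(decoded, "login.example.org"))
```

Running the check before the value is published catches a mistyped role or a missing field on the client side, rather than leaving it to surface in the generated cosignd configuration on the server.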

SPANNING MAP RESOURCES

PLATFORMS

Fedora5

AUTHOR

Tim Colles <timc@inf.ed.ac.uk>, George Ross <gdmr@inf.ed.ac.uk>
