| Step | User/Browser's action | Web Server's action | Cookie Server's action |
|---|---|---|---|
| 1 | Request COW hotlist, or any secure resource. | | |
| 2 | | Receives request, and if request requires authentication, asks cookie server if user is already authenticated. | |
| 3a | | | If user is not authenticated, returns that to web server. |
| 4a | | If user is not authenticated, generates login page for the user. This includes an unauthenticated authorization cookie. | |
| 5a | Sees login page, and enters uniqname and Kerberos password into secure web page, sending that information to the web servers. | | |
| 6a | | Receives login information, and checks user's password for validity. If the password is correct, it registers the authorization cookie with the cookie server. | |
| 7a | | | Receives registration of cookie, and stores cookie, with a four hour expiration time, in a database. The cookie is stored with the IP number of the host that the user is using, and the uniqname of the user. At no time is the password stored on the server. |
| 8a | | Redirects user's browser to the resource the user originally wanted. | |
| 9a | Gets redirection, and again requests the original, secure resource. | | |
| 2 | | Receives request, and asks cookie server if user is already authenticated. | |
| 3b | | | If user is authenticated, returns that to the web server. |
| 4b | | Checks to see if resource requires further authorization, and if it does, requests that information from the cookie server. | |
| 5b | | | If user is authorized, returns that to the web server. |
| 6b | | If the user is authenticated and authorized, provides user with the resource, whether it's a web page, a conference in Conferencing On the Web, or a ballot to vote for student government elections. If user is authenticated but not authorized, returns a "Forbidden" web page. | |
| 10 | Finally sees requested resource. | | |
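The flow in the table can be modelled in a few lines. This is an added sketch, not code from the system described: the class and method names, the ACL shape, the `check_password` stand-in for the Kerberos check, and the rule that a cookie presented from a different IP is rejected are all assumptions.

```python
import secrets
import time

COOKIE_LIFETIME = 4 * 60 * 60  # four-hour expiration (step 7a)

class CookieServer:
    """Database of registered cookies; a password never reaches this class."""
    def __init__(self, acl, clock=time.time):
        self.db = {}        # cookie -> (uniqname, ip, expiry)
        self.acl = acl      # resource -> allowed uniqnames (assumed ACL shape)
        self.clock = clock

    def register(self, cookie, uniqname, ip):            # step 7a
        self.db[cookie] = (uniqname, ip, self.clock() + COOKIE_LIFETIME)

    def authenticated_user(self, cookie, ip):            # steps 3a / 3b
        uniqname, bound_ip, expiry = self.db.get(cookie, (None, None, 0))
        if self.clock() >= expiry:
            self.db.pop(cookie, None)                    # unknown or expired
            return None
        # Assumption: a cookie presented from another host is rejected.
        return uniqname if ip == bound_ip else None

    def authorized(self, uniqname, resource):            # step 5b
        return uniqname in self.acl.get(resource, ())

class WebServer:
    def __init__(self, cookie_server, check_password):
        self.cs = cookie_server
        self.check_password = check_password             # stand-in for the Kerberos check

    def request(self, resource, cookie, ip):             # steps 2, 4a, 4b, 6b
        user = self.cs.authenticated_user(cookie, ip)
        if user is None:
            # Login page carries a fresh, still-unauthenticated cookie.
            return "login", secrets.token_urlsafe(32)
        if resource in self.cs.acl and not self.cs.authorized(user, resource):
            return "forbidden", None
        return "ok", user

    def login(self, cookie, uniqname, password, ip, resource):   # steps 6a, 8a
        if not self.check_password(uniqname, password):
            return "login", cookie
        self.cs.register(cookie, uniqname, ip)
        return "redirect", resource
```

The password is only ever passed to `check_password`; the cookie database holds just the uniqname, IP and expiry for each cookie.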