IIS - sample configuration file

# CUWebAuth.conf
#
# Configuration file for CUWebAuth under IIS
#
# ** WARNING ** Lines beginning with whitespace WILL BE IGNORED
# ** WARNING ** This can result in a more permissive security policy than intended
#
# CUWAkerberosPrincipal defines your server's identity (ServiceID). You must obtain a
# ServiceID and set it here.

CUWAkerberosPrincipal mandarin-agent.test

# Your srvtab should always be located in the system32 directory.

CUWAsrvtabPath C:\WINNT\CUWebAuth\test.srvtab

# Always include the following lines. They tell CUWebAuth how to locate
# the CUWebLogin and permit servers.

CUWAcuwlServerSRL       ipHost=cuweblogin.cit.cornell.edu ipPort=1010 netid=erpcd.webster authent=k4
CUWAcuwlServerSRL       ipHost=cuweblogin2.cit.cornell.edu ipPort=1010 netid=erpcd.webster2 authent=k4
CUWApermitServerSRL     ipHost=permit1.cit.cornell.edu ipPort=756 netid=permitd.permit1 authent=k4

# Change the following line from "normal" to "debug" to see a plethora of
# information. This will fill up your C:\WINNT\CUWebAuth\CUWebAuth.log file
# in a hurry, so please only use when absolutely necessary

CUWAdebugLevel          normal

# Change the following ONLY if you are planning to operate your CUWebAuth
# environment in a different DNS domain than under cornell.edu. This ensures that
# cookies sent from your server are accepted by web browsers and not ignored via the
# W3 Consortium standards on "Third Party Cookies".

CUWAcookieDomain        cornell.edu

# How many seconds to wait for a valid response from SideCar or a CUWL server
# A 5 second timeout value seems to work the best for most applications...

CUWAcusspTimeout 5

# CUWAPostDataLimit directive is for the POST data aware version only....
# This directive controls the amount of PostData being processed.
# The higher the number is set the greater is the performance impact on IIS server.

# CUWAPostDataLimit 10000

# The following location directive helps in reloading the changes made to the conf
# file without restarting IIS. Change the netid "admin" to the webadministrator's netid

<location reloadConf.html>

            AuthName CORNELL

            AuthType cuweblogin-force

            require  netid admin

            CUWAErrorDoc NoSideCar C:\WINNT\CUWebAuth\nosidecar.html

            CUWAErrorDoc SideCarError C:\WINNT\CUWebAuth\scerror.html

            CUWAErrorDoc CUWebLoginError C:\WINNT\CUWebAuth\cuwlerror.html

            CUWAErrorDoc NoAuth C:\WINNT\CUWebAuth\autherror.html

</location>

<Directory /test>

            AuthName CORNELL

            AuthType all

            CUWAErrorDoc NoSideCar C:\WINNT\CUWebAuth\nosidecar.html

            CUWAErrorDoc SideCarError C:\WINNT\CUWebAuth\scerror.html

            CUWAErrorDoc CUWebLoginError C:\WINNT\CUWebAuth\cuwlerror.html

            CUWAErrorDoc NoAuth C:\WINNT\CUWebAuth\autherror.html

</Directory>