Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

REMOTE_USER and map_username

Russ Allbery eagle at windlord.stanford.edu
Fri Oct 12 16:32:07 PDT 2012


YANG ChengFu <youngseph at gmail.com> writes:

> I have setup webauth in our environment, it works very good, but I have
> questions about REMOTE_USER and map_username.

> Weblogin has a function called map_username, which lets us map username
> to anything we want, such email address. I did this, now users can login
> with their email address, such as firstname.lastname at example.com, and
> they have no problems, but after login successfully, ENV{REMOTE_USER}
> will always be set to flastname(Firstname.lastname).

> Is it possible to make sure ENV{REMOTE_USER} is set to email address, I
> mean to set ENV{REMOTE_USER} as the string which user inputs?  if yes,
> can you tell us how we can do it ? Thanks !

Unfortunately, there isn't.  map_username converts user input into the
authentication identity, whatever that may be, so that you can accept
different things in the login input box on WebLogin.  But WebAuth always
expresses the underlying authentication identity to all other components
of the system, and there isn't currently a way to tell the WebKDC to
express an authentication identity other than the Kerberos principal to
the other components of the system.

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University


More information about the webauth-info mailing list