Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

REMOTE_USER and map_username

YANG ChengFu youngseph at
Fri Oct 12 17:15:17 PDT 2012

Hello Russ,

thanks for your information,our Kerberos REALM is EXAMPLE.ORG, but
userPrincipalName is firstname.lastname at , it is possible to
use userPrincipalName as authentication Identity?

On Fri, Oct 12, 2012 at 7:32 PM, Russ Allbery
<eagle at>wrote:

> YANG ChengFu <youngseph at> writes:
> > I have setup webauth in our environment, it works very good, but I have
> > questions about REMOTE_USER and map_username.
> > Weblogin has a function called map_username, which lets us map username
> > to anything we want, such email address. I did this, now users can login
> > with their email address, such as firstname.lastname at, and
> > they have no problems, but after login successfully, ENV{REMOTE_USER}
> > will always be set to flastname(Firstname.lastname).
> > Is it possible to make sure ENV{REMOTE_USER} is set to email address, I
> > mean to set ENV{REMOTE_USER} as the string which user inputs?  if yes,
> > can you tell us how we can do it ? Thanks !
> Unfortunately, there isn't.  map_username converts user input into the
> authentication identity, whatever that may be, so that you can accept
> different things in the login input box on WebLogin.  But WebAuth always
> expresses the underlying authentication identity to all other components
> of the system, and there isn't currently a way to tell the WebKDC to
> express an authentication identity other than the Kerberos principal to
> the other components of the system.
> --
> Russ Allbery <eagle at>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the webauth-info mailing list