Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

REMOTE_USER and map_username

YANG ChengFu youngseph at gmail.com
Fri Oct 12 17:15:17 PDT 2012


Hello Russ,

thanks for your information,our Kerberos REALM is EXAMPLE.ORG, but
userPrincipalName is firstname.lastname at example.com , it is possible to
use userPrincipalName as authentication Identity?


On Fri, Oct 12, 2012 at 7:32 PM, Russ Allbery
<eagle at windlord.stanford.edu>wrote:

> YANG ChengFu <youngseph at gmail.com> writes:
>
> > I have setup webauth in our environment, it works very good, but I have
> > questions about REMOTE_USER and map_username.
>
> > Weblogin has a function called map_username, which lets us map username
> > to anything we want, such email address. I did this, now users can login
> > with their email address, such as firstname.lastname at example.com, and
> > they have no problems, but after login successfully, ENV{REMOTE_USER}
> > will always be set to flastname(Firstname.lastname).
>
> > Is it possible to make sure ENV{REMOTE_USER} is set to email address, I
> > mean to set ENV{REMOTE_USER} as the string which user inputs?  if yes,
> > can you tell us how we can do it ? Thanks !
>
> Unfortunately, there isn't.  map_username converts user input into the
> authentication identity, whatever that may be, so that you can accept
> different things in the login input box on WebLogin.  But WebAuth always
> expresses the underlying authentication identity to all other components
> of the system, and there isn't currently a way to tell the WebKDC to
> express an authentication identity other than the Kerberos principal to
> the other components of the system.
>
> --
> Russ Allbery <eagle at windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20121012/3321c296/attachment.html>


More information about the webauth-info mailing list