REMOTE_USER and map_username

Russ Allbery eagle at
Mon Oct 15 21:06:38 PDT 2012

YANG ChengFu <youngseph at> writes:

> I have tried UPN; it works with the following option

> kinit -E firstname.lastname at

> you see "-E     treats the principal name as an enterprise name."

> How can I do the same thing in webauth ?

Oh, you have to use enterprise names.  Sadly, there isn't currently an
option to do this in WebAuth, although I think it's fairly easy if you
want to try to patch it.

In lib/krb5.c in webauth_krb5_init_via_password, there is code like:

    /* Initialize arguments and set up ticket cache. */
    code = krb5_parse_name(kc->ctx, username, &kc->princ);
    if (code != 0)
        return error_set(ctx, kc, code, "cannot parse principal %s", username);

If you change that krb5_parse_name to:

    code = krb5_parse_name_flags(kc->ctx, username,

I *think* that may do what you want.  I've not tested this.  If it does
work, let me know, and I can add this as an option in the next version of

Russ Allbery <eagle at>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
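
What the enterprise parse mode discussed above changes, as an added example that is not part of the original message and is not WebAuth or libkrb5 code: a simplified stand-alone model of how a UPN-style name is split with and without the enterprise flag of krb5_parse_name_flags (KRB5_PRINCIPAL_PARSE_ENTERPRISE in MIT Kerberos). The function name, struct, DEFAULT_REALM and the sample name are assumptions; '/' component splitting is left out.

```c
#include <stdio.h>
#include <string.h>

#define DEFAULT_REALM "EXAMPLE.ORG"   /* constructed placeholder realm */

struct parsed { char name[128]; char realm[64]; };

/*
 * Model only.  Normal mode: the first unescaped '@' starts the realm.
 * Enterprise mode: the first '@' stays in the name and only a second one
 * starts the realm.  Returns 0 on success, -1 on malformed or oversized input.
 */
int model_parse(const char *in, int enterprise, struct parsed *out)
{
    size_t n = 0;
    int at_seen = 0;
    const char *realm = NULL;

    for (const char *p = in; *p != '\0'; p++) {
        if (*p == '\\' && p[1] != '\0') {
            p++;                          /* escaped character is literal */
        } else if (*p == '@') {
            if (!enterprise || at_seen) {
                realm = p + 1;            /* rest of the input is the realm */
                break;
            }
            at_seen = 1;                  /* enterprise: keep the first '@' */
        }
        if (n + 1 >= sizeof(out->name))
            return -1;
        out->name[n++] = *p;
    }
    out->name[n] = '\0';
    if (realm == NULL)
        realm = DEFAULT_REALM;            /* no realm given: use the default */
    if (strchr(realm, '@') != NULL || strlen(realm) >= sizeof(out->realm))
        return -1;                        /* extra '@' or realm too long */
    strcpy(out->realm, realm);
    return 0;
}

int main(void)
{
    struct parsed p;
    const char *upn = "firstname.lastname@corp.example";  /* constructed */
    for (int e = 0; e <= 1; e++)
        if (model_parse(upn, e, &p) == 0)
            printf("enterprise=%d name=%s realm=%s\n", e, p.name, p.realm);
    return 0;
}
```

In enterprise mode the whole UPN stays in the name and the realm falls back to the default, so the KDC rather than the client decides which principal the name maps to.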
