Search Mailing List Archives
REMOTE_USER and map_username
youngseph at gmail.com
Tue Oct 16 07:42:51 PDT 2012
your patch works very good, now user can log in with their UPN.
Thanks a lot !
Orange Key: 35745318S1
On Tue, Oct 16, 2012 at 12:06 AM, Russ Allbery
<eagle at windlord.stanford.edu>wrote:
> YANG ChengFu <youngseph at gmail.com> writes:
> > I have tried UPN, it works the following option
> > kinit -E firstname.lastname at example.com
> > you see "-E treats the principal name as an enterprise name."
> > How can I do the same thing in webauth ?
> Oh, you have to use enterprise names. Sadly, there isn't currently an
> option to do this in WebAuth, although I think it's fairly easy if you
> want to try to patch it.
> In lib/krb5.c in webauth_krb5_init_via_password, there is code like:
> /* Initialize arguments and set up ticket cache. */
> code = krb5_parse_name(kc->ctx, username, &kc->princ);
> if (code != 0)
> return error_set(ctx, kc, code, "cannot parse principal %s",
> If you change that krb5_parse_name to:
> code = krb5_parse_name_flags(kc->ctx, username,
> I *think* that may do what you want. I've not tested this. If it does
> work, let me know, and I can add this as an option in the next version of
> Russ Allbery <eagle at windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webauth-info