Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

REMOTE_USER and map_username

YANG ChengFu youngseph at gmail.com
Tue Oct 16 07:42:51 PDT 2012


Hello Russ,

your patch works very good, now user can log in with their UPN.

Thanks a lot !

--
Yang
Orange Key: 35745318S1



On Tue, Oct 16, 2012 at 12:06 AM, Russ Allbery
<eagle at windlord.stanford.edu>wrote:

> YANG ChengFu <youngseph at gmail.com> writes:
>
> > I have tried UPN, it works the following option
>
> > kinit -E firstname.lastname at example.com
>
> > you see "-E     treats the principal name as an enterprise name."
>
> > How can I do the same thing in webauth ?
>
> Oh, you have to use enterprise names.  Sadly, there isn't currently an
> option to do this in WebAuth, although I think it's fairly easy if you
> want to try to patch it.
>
> In lib/krb5.c in webauth_krb5_init_via_password, there is code like:
>
>     /* Initialize arguments and set up ticket cache. */
>     code = krb5_parse_name(kc->ctx, username, &kc->princ);
>     if (code != 0)
>         return error_set(ctx, kc, code, "cannot parse principal %s",
> username);
>
> If you change that krb5_parse_name to:
>
>     code = krb5_parse_name_flags(kc->ctx, username,
>                                  KRB5_PRINCIPAL_PARSE_ENTERPRISE,
>                                  &kc->princ);
>
> I *think* that may do what you want.  I've not tested this.  If it does
> work, let me know, and I can add this as an option in the next version of
> WebAuth.
>
> --
> Russ Allbery <eagle at windlord.stanford.edu>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20121016/86b7ff44/attachment.html>


More information about the webauth-info mailing list