Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

REMOTE_USER and map_username

YANG ChengFu youngseph at
Tue Oct 16 07:42:51 PDT 2012

Hello Russ,

your patch works very good, now user can log in with their UPN.

Thanks a lot !

Orange Key: 35745318S1

On Tue, Oct 16, 2012 at 12:06 AM, Russ Allbery
<eagle at>wrote:

> YANG ChengFu <youngseph at> writes:
> > I have tried UPN, it works the following option
> > kinit -E firstname.lastname at
> > you see "-E     treats the principal name as an enterprise name."
> > How can I do the same thing in webauth ?
> Oh, you have to use enterprise names.  Sadly, there isn't currently an
> option to do this in WebAuth, although I think it's fairly easy if you
> want to try to patch it.
> In lib/krb5.c in webauth_krb5_init_via_password, there is code like:
>     /* Initialize arguments and set up ticket cache. */
>     code = krb5_parse_name(kc->ctx, username, &kc->princ);
>     if (code != 0)
>         return error_set(ctx, kc, code, "cannot parse principal %s",
> username);
> If you change that krb5_parse_name to:
>     code = krb5_parse_name_flags(kc->ctx, username,
>                                  KRB5_PRINCIPAL_PARSE_ENTERPRISE,
>                                  &kc->princ);
> I *think* that may do what you want.  I've not tested this.  If it does
> work, let me know, and I can add this as an option in the next version of
> WebAuth.
> --
> Russ Allbery <eagle at>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the webauth-info mailing list