On Thu, Apr 23, 2009 at 4:38 PM, Phil Pishioneri <[email protected]> wrote:
> First time I'm trying out the _passwd_ keyword (in v3, not 2.x), having
> trouble keeping the username as just the kerberos principal.
>
> Let's say my krb5 realm is K.PSU.EDU. Either of the following two config
> entries
>
>     passwd kerberos ([...@]+) [email protected] K.PSU.EDU
>     passwd kerberos ([...@]+) $1 K.PSU.EDU [using the default realm in krb5.conf]
>
> will work if someone enters their account name as "foo" in the _login_ input
> field. (USER="foo", REALM="K.PSU.EDU")
>
> I'd like to add another config line so that if someone entered
> "[email protected]" into the login field, it would be equivalent to the above
> keywords, setting the User to "foo". My attempts:
>
>     passwd kerberos ([...@]+)@K.PSU.EDU [email protected] K.PSU.EDU
>     passwd kerberos ([...@]+)@(K\.PSU\.EDU) [email protected] K.PSU.EDU
>
> etc., are all the same. Whatever string is entered into the login field,
> becomes the USER: "[email protected]" (for that input). The realm is set
> correctly, and the kerberos ticket is the desired one. Even
>
>     passwd kerberos ([...@]+)@bar [email protected] K.PSU.EDU
>
> gets the user set to "f...@bar" (for that input). Seems to be acting like
> the mysql option (using the "email address"), where I'd prefer that it just
> used the principal (and /instance if set?).
>
> Is this the intended behavior?

What we do here is something like this, which should work for 3.0 (assuming
that part of the code hasn't changed, still need to test that):

    passwd kerberos ([...@]+) $1 BX.PSU.EDU

I tried to do something fancy like you had above and just match with
something like

    passwd kerberos (.+)@BX.PSU.EDU $1 BX.PSU.EDU

but gave up as backrefs didn't quite seem to be working correctly.

We also have some JavaScript that appends the realm to the login variable
before submitting, which plays into our use of a drop-down dialog to allow
the user to select the realm to log in to. You could probably do something
similar to strip off your 'default' realm before submission if the user
inputs that.

--andy

_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
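
The realm-stripping step suggested at the end of the reply above, sketched as an added example; it is not part of the original thread and is not cosign's or either poster's code. The function name `stripDefaultRealm`, the `DEFAULT_REALM` constant and the `login` field name (taken from the thread's "_login_ input field") are assumptions.

```javascript
// Added example, not cosign's code. Assumption: the site's default realm,
// using the realm named in the thread.
const DEFAULT_REALM = 'K.PSU.EDU';

// Return the login with "@<defaultRealm>" removed when, and only when, the
// user typed exactly that realm. Anything else comes back trimmed but
// otherwise unchanged, so the server-side passwd patterns still decide.
function stripDefaultRealm(login, defaultRealm) {
  const value = String(login).trim();
  // Split on the last '@' so the whole principal (including any /instance)
  // stays together on the left-hand side.
  const at = value.lastIndexOf('@');
  if (at <= 0) {
    return value; // no realm typed, or nothing in front of the '@'
  }
  const principal = value.slice(0, at);
  const realm = value.slice(at + 1);
  // Kerberos realm names are case-sensitive, so compare exactly.
  if (realm !== defaultRealm) {
    return value; // a different realm: leave the input alone
  }
  return principal;
}

// Browser wiring: rewrite the field just before the form is submitted.
// Hypothetical lookup; assumes the login form has an input named "login".
if (typeof document !== 'undefined') {
  document.addEventListener('submit', function (event) {
    const form = event.target;
    const field = form.elements ? form.elements.namedItem('login') : null;
    if (field) {
      field.value = stripDefaultRealm(field.value, DEFAULT_REALM);
    }
  }, true);
}
```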
