GitHub user DmitryLitvintsev opened a pull request:
https://github.com/apache/mina-sshd/pull/58
do not replace username with identity
This patch addresses the following problem:
In the existing code, once the identity is not null it replaces username.
In case of GSS authentication the identity looks like
[email protected]
It is separate and not equivalent to username.
The issue came up while I was developing kerberized sshd that is used in
admin shell interface in our
project - dCache (dcache.org). We use apache MINA ssh server. Multiple
users, each having their
specific identities, need to login to account having one username. ACLs are
defined for the username and multiple user identies map to the this username
(something similar to what is provided by .k5login file allowing multiple users
login to the same account). The actual shell implementation picks username from
Environment.ENV_USER and since exiting code replaces user w/ identity I am
pretty much stuck.
w/ this patch I am a happy customer :)
Thank you,
Dmitry
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/DmitryLitvintsev/mina-sshd identity
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/mina-sshd/pull/58.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #58
----
commit 699e30f5b903ea585f7940707b7d1c6d2760ea36
Author: Dmitry Litvintsev <litvinse@...>
Date: 2018-05-25T21:17:02Z
do not replace username with identity
----
---
