When using kerberos authentication, it seems logical to me that the authenticated kerberos principal, rather than the user name, would be the only identifier of interest. However, I can find no method, either in the documentation or in the mailing list archives, for accessing the authenticated kerberos principal.
There is one mention of the problem in the documentation: ----- 17.9. Identifiers When a user logs into a system, they are assigned a user name and a corresponding UserID. This user name is used by the LPRng software when transferring jobs to identify the user. When we look into the problem of authentication, we will possibly have a more global user identification to deal with, the authentication identifier (AuthID). One way to deal with this problem is to give LPRng intimate knowledge of the UserID and AuthID relationship. While this is possible it is difficult to deal with in a simple and extensible manner. An alternate solution is to provide a mapping service, where the authentication procedure provides a map between the UserID and AuthID. ----- However, I can find no implementation of any "mapping service" in the kerberos support. I would be very happy if there were an option to _replace_ the user name with the kerberos ID. -Rick -- |Rick Cochran phone: 607-255-7618| |Cornell CIT - Systems & Operations - Net-Print FAX: 607-255-8521| |730 Rhodes Hall, Ithaca, N.Y. 14853 email: [EMAIL PROTECTED]| ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
