Hi,

my question is not directly related to IPA, but since IPA provides underlying authentication services, I think it almost fits here.

I have an Apache WebDAV server that authenticates via Kerberos to an IPA server. The related configuration in Apache is:

    AuthType Kerberos
    # Essential for Windows clients to connect
    KrbMethodNegotiate Off
    KrbMethodK5Passwd On
    KrbAuthRealms REALM
    Krb5KeyTab /etc/httpd/conf/krb5.keytab
    KrbServiceName HTTP
    Require valid-user

I can log in with the IPA username (i.e. user) and with user@REALM.

But I also need to log in with e-mail, as user@domain, which does not work. "domain" equals "REALM", but, naturally, domain is lowercase and REALM is uppercase.

I could not find any simple solution so far. I thought I could manipulate the username supplied by the user, and I tried to play with /etc/krb5.conf by adding auth_to_local statements, as below:

    [realms]
    REALM = {
      pkinit_anchors = FILE:/etc/ipa/ca.crt
      # experimenting to convert to uppercase
      auth_to_local = RULE:[1:$1@$0](^.*@domain$)s/@domain/@REALM/
      auth_to_local = DEFAULT
    }

But this doesn't work, and it seems that it is not even tried by Apache/Kerberos.

Could you suggest any other solution, if this is possible to achieve at all? One other way that might work is via the Apache module mod_map_user, but I could not compile it on CentOS 7.

Thanks for your time and kind regards,
Ivars