Hello Russ, thanks for your information. Our Kerberos REALM is EXAMPLE.ORG, but userPrincipalName is [email protected]. Is it possible to use userPrincipalName as the authentication identity?

On Fri, Oct 12, 2012 at 7:32 PM, Russ Allbery <[email protected]> wrote:

> YANG ChengFu <[email protected]> writes:
>
> > I have setup webauth in our environment, it works very good, but I have
> > questions about REMOTE_USER and map_username.
>
> > Weblogin has a function called map_username, which lets us map username
> > to anything we want, such email address. I did this, now users can login
> > with their email address, such as [email protected], and
> > they have no problems, but after login successfully, ENV{REMOTE_USER}
> > will always be set to flastname(Firstname.lastname).
>
> > Is it possible to make sure ENV{REMOTE_USER} is set to email address, I
> > mean to set ENV{REMOTE_USER} as the string which user inputs? if yes,
> > can you tell us how we can do it ? Thanks !
>
> Unfortunately, there isn't. map_username converts user input into the
> authentication identity, whatever that may be, so that you can accept
> different things in the login input box on WebLogin. But WebAuth always
> expresses the underlying authentication identity to all other components
> of the system, and there isn't currently a way to tell the WebKDC to
> express an authentication identity other than the Kerberos principal to
> the other components of the system.
>
> --
> Russ Allbery <[email protected]>
> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
