YANG ChengFu <[email protected]> writes:

> I have tried UPN, it works the following option
> kinit -E [email protected]
> you see "-E treats the principal name as an enterprise name."
> How can I do the same thing in webauth ?

Oh, you have to use enterprise names.  Sadly, there isn't currently an
option to do this in WebAuth, although I think it's fairly easy if you
want to try to patch it.  In lib/krb5.c in webauth_krb5_init_via_password,
there is code like:

    /* Initialize arguments and set up ticket cache. */
    code = krb5_parse_name(kc->ctx, username, &kc->princ);
    if (code != 0)
        return error_set(ctx, kc, code, "cannot parse principal %s",
                         username);

If you change that krb5_parse_name to:

    code = krb5_parse_name_flags(kc->ctx, username,
                                 KRB5_PRINCIPAL_PARSE_ENTERPRISE,
                                 &kc->princ);

I *think* that may do what you want.  I've not tested this.  If it does
work, let me know, and I can add this as an option in the next version of
WebAuth.

-- 
Russ Allbery <[email protected]>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
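
An added illustration, not part of the original message and not WebAuth or libkrb5 code: a simplified C model of how the enterprise flag discussed above changes the way a UPN-style name is split into name and realm. `model_parse`, `struct princ` and the sample names and realms are constructed for this example; the model follows MIT krb5's parsing rules but ignores backslash escapes and keeps only the first name component.

```c
#include <stdio.h>
#include <string.h>

#define NT_PRINCIPAL  1   /* KRB5_NT_PRINCIPAL */
#define NT_ENTERPRISE 10  /* KRB5_NT_ENTERPRISE_PRINCIPAL (RFC 6806) */

struct princ {            /* hypothetical, reduced view of a principal */
    int type;             /* name type sent to the KDC */
    int ncomp;            /* number of name components */
    char comp0[128];      /* first name component */
    char realm[128];
};

/* Model of name parsing with and without the enterprise flag. */
int model_parse(const char *name, int enterprise, const char *default_realm,
                struct princ *out)
{
    size_t i, n = 0;
    int seen_at = 0;
    const char *realm = NULL;

    if (strlen(name) >= sizeof(out->comp0) ||
        strlen(default_realm) >= sizeof(out->realm))
        return -1;                      /* refuse oversize input */
    memset(out, 0, sizeof(*out));
    out->type = enterprise ? NT_ENTERPRISE : NT_PRINCIPAL;
    out->ncomp = 1;
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        if (c == '@' && (!enterprise || seen_at)) {
            realm = name + i + 1;       /* this '@' separates the realm */
            break;
        }
        if (c == '@')
            seen_at = 1;                /* enterprise: first '@' stays in the name */
        if (c == '/' && !enterprise) {
            out->ncomp++;               /* '/' splits components only in normal mode */
            continue;
        }
        if (out->ncomp == 1)
            out->comp0[n++] = c;
    }
    strcpy(out->realm, realm != NULL ? realm : default_realm);
    return 0;
}

int main(void)
{
    struct princ p;
    model_parse("alice@example.com", 1, "CORP.TEST", &p);  /* constructed input */
    printf("type=%d name=%s realm=%s\n", p.type, p.comp0, p.realm);
    return 0;
}
```

In enterprise mode the whole UPN travels as one name component in the client's default realm, and the KDC decides which real principal it maps to.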
