Hello Russ, your patch works very good, now user can log in with their UPN.
Thanks a lot ! -- Yang Orange Key: 35745318S1 On Tue, Oct 16, 2012 at 12:06 AM, Russ Allbery <[email protected]>wrote: > YANG ChengFu <[email protected]> writes: > > > I have tried UPN, it works the following option > > > kinit -E [email protected] > > > you see "-E treats the principal name as an enterprise name." > > > How can I do the same thing in webauth ? > > Oh, you have to use enterprise names. Sadly, there isn't currently an > option to do this in WebAuth, although I think it's fairly easy if you > want to try to patch it. > > In lib/krb5.c in webauth_krb5_init_via_password, there is code like: > > /* Initialize arguments and set up ticket cache. */ > code = krb5_parse_name(kc->ctx, username, &kc->princ); > if (code != 0) > return error_set(ctx, kc, code, "cannot parse principal %s", > username); > > If you change that krb5_parse_name to: > > code = krb5_parse_name_flags(kc->ctx, username, > KRB5_PRINCIPAL_PARSE_ENTERPRISE, > &kc->princ); > > I *think* that may do what you want. I've not tested this. If it does > work, let me know, and I can add this as an option in the next version of > WebAuth. > > -- > Russ Allbery <[email protected]> > Technical Lead, ITS Infrastructure Delivery Group, Stanford University >
