Adding a KrbTrimRealm configuration option
Brought to you by:
kouril
Menu
▾
▴
#12 Adding a KrbTrimRealm configuration option
In my setup we have only one KRB realm, and probably
always will. Having the realm named tacked on to the
end of each SVN commit is a eye sore. With this patch
I've created a new configuration option:
KrbAppendRealm. It defaults on to match the current
behavior.
I made this patch from the source package from debian,
and as such it has change to a file that is not found
in the main source tarball.
Logged In: YES
user_id=603791
I am currently in the same situation - having SVN names with
@REALM. I wonder whether the patch #1303627 should do the
trick in more robust way, since in this case you should be
fine with something like:
auth_to_local = RULE:[1:$1]
The questions are:
1) Is it better to have different rules for local username
and for SVN usernames?
2) I need yet to test it on my setup.
3) Where is your patch for KrbTrimRealm - I cannot see it here.
Logged In: YES
user_id=335935
Some how I screwed up (sf.net's crappy "click to attach
file" UI strikes again). After thinking about it I renamed
the config name to KrbAppendRealm.
Further searching I see two other people have submitted
patches for this in the past:
https://sourceforge.net/tracker/?func=detail&atid=464526&aid=1057158&group_id=51775
https://sourceforge.net/tracker/index.php?func=detail&aid=991917&group_id=51775&atid=464527
I also attached mine to this ticket.
Patch to add KrbAppendRealm config option
Logged In: YES
user_id=603791
Meanwhile I have played a bit with this patch:
https://sourceforge.net/tracker/index.php?func=detail&aid=1303627&group_id=51775&atid=464526
and it turned out that using KrbDoAuthToLocal with
auth_to_local = DEFAULT
(and without doing local authorization) does just the same.
I am still not sure though that the trick is legal.
Logged In: YES
user_id=2126033
Originator: NO
stripping @REALM solved in HEAD rev. 1.138
View and moderate all "patches Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Patches"
How was this solved? I cannot find the apache configuration directive to use in order to strip the @realm from the uid.
Does anyone know?
Thank you in advance!
Last edit: Anonymous 2017-07-20
I forgot to update the README file before releasing v5.4, but the one in CVS is ok:
KrbLocalUserMapping on | off (set to off by default)
When enabled, modul will try to translate authenticated username to local
name, which can be used by applications requiring an environment-specific
name (e.g. user account name). Simply, the realm name will be stripped out.