Re: mod_auth_kerb and usernames

From: Wesley J. Landaker <wjl_at_icecavern.net>
Date: 2007-03-09 22:16:51 CET

On Friday 09 March 2007 12:53, Michael Richters wrote:
> When using apache with mod_auth_kerb, $REMOTE_USER contains the whole
> kerberos principal name, including "@REALM". This makes it difficult
> to maintain a repository that uses both mod_auth_kerb and some other
> method of access. Is there any way to configure subversion so that
> the realm is stripped from the username?

I ran across this problem in one installation and ended up concluding that
to get it to work I'd have to either hack the mod_auth_kerb source, which
would be easy but a pain to track on upgrades, etc, or use principal@REALM
for usernames in SVN, which would be unacceptable.

So instead, I just used mod_auth_pam at let the Linux PAM system handle the
kerberos authentication transparently instead.

-- 
Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2

application/pgp-signature attachment: stored

Received on Fri Mar 9 22:17:22 2007

This message: [ Message body ]
Next message: Kenichi Nakamura: "Re: Subversion 1.5"
Previous message: Garance A Drosihn: "Re: Has Subversion's attitude toward dataloss changed significantly since 0.27?"
In reply to: Michael Richters: "mod_auth_kerb and usernames"
Next in thread: Michael Richters: "Re: mod_auth_kerb and usernames"
Reply: Michael Richters: "Re: mod_auth_kerb and usernames"
Reply: Michael Richters: "Re: mod_auth_kerb and usernames"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]