[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mod_auth_kerb and usernames

From: Wesley J. Landaker <wjl_at_icecavern.net>
Date: 2007-03-09 22:16:51 CET

On Friday 09 March 2007 12:53, Michael Richters wrote:
> When using apache with mod_auth_kerb, $REMOTE_USER contains the whole
> kerberos principal name, including "@REALM". This makes it difficult
> to maintain a repository that uses both mod_auth_kerb and some other
> method of access. Is there any way to configure subversion so that
> the realm is stripped from the username?

I ran across this problem in one installation and ended up concluding that
to get it to work I'd have to either hack the mod_auth_kerb source, which
would be easy but a pain to track on upgrades, etc, or use principal@REALM
for usernames in SVN, which would be unacceptable.

So instead, I just used mod_auth_pam at let the Linux PAM system handle the
kerberos authentication transparently instead.

-- 
Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2

  • application/pgp-signature attachment: stored
Received on Fri Mar 9 22:17:22 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.