[colug-432] Any Kerberos experts out there?
Chris Clonch
chris at theclonchs.com
Tue Jun 22 10:43:58 EDT 2010
On Friday, June 18, 2010 04:45:44 pm Joshua Kramer wrote:
> Hello Colug,
>
> Are there any Kerberos experts out there?
>
> Here at work I have a CentOS box, on which I've set up Kerberos
> authentication for an Apache-based website. The Apache instance
> authenticates against our Windows 2008 domain controller. It works great,
> except the login name passed to the website includes the domain:
>
> joshua.kramer at INTERNAL.MYCOMPANY.NET
>
> Is there a way I can get it to drop the domain, as it's passed to the
> website? I.E. just 'joshua.kramer'
>
> The relevant sections of krb5.conf are posted below:
>
> [libdefaults]
> default_realm = INTERNAL.MYCOMPANY.NET
>
> [realms]
> INTERNAL.MYCOMPANY.NET = {
> }
>
> [domain_realm]
>
> .internal.mycompanynet = INTERNAL.MYCOMPANY.NET
> internal.mycompany.net = INTERNAL.MYCOMPANY.NET
>
> Thanks!
> -Josh
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
mod_auth_kerb > 5.4 supports a directive "KrbLocalUserMapping" which enables
stripping of the realm from the response.
https://bugzilla.redhat.com/show_bug.cgi?id=446670
-Chris
More information about the colug-432
mailing list