get only username from REMOTE_USER variable

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Sep 27 08:57:03 EDT 2005


mnikhil at gmail.com wrote:

> Hi
> 
> Firstly, My Sincere thanks to all of you for making available such a
> wonderful module available to Apache on sourceforge.
> 
> My problem is nothing except that to make modifications to REMOTE_USER
> variable in the kerberos itself.
> I mean when I am visiting a kerberos enabled webpage, after succesful
> authentication the REMOTE_USER variable is being set as
> "<user>@<mydomainname>"
> I guess here the <domainname>, obviously it takes from domain_realm,
> set in the /etc/krb5.conf page.
> So, I want to make changes something that could make REMOTE_USER
> variable just the "user" and not the "<user>@<mydomainname>".
> 
> Response would be much appreciated.
> 
> Regards,
> Nikhil
> 

You could make a change to do so but it would be unwise.   What you
refer to as <mydomainname> is really <REALM-OF-USER>.   Since Kerberos
supports authentication from multiple realms, it is necessary to
include the full principal name in REMOTE_USER to distinguish the
source of the authentication.

Jeffrey Altman

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list