AW: gss_localname() with multiple KDC/User Directories + Apache + mod_auth_gssapi

[Tobias Kritten (EXT)]

Hi Greg,

thanks for your quick help!

> auth_to_local is always looked up in the default realm, not in the realm of
> the principal being authorized.  This is why the rule has to do the annoying
> dance of explicitly including the realm in the [] part, matching it in the () part,
> and removing it in the s// part.  Fixing this historical botch isn't trivial since the
> obvious fixes would be likely to break existing deployments.  (The same
> problem applies to auth_to_local_names, which is even worse since there's
> no workaround aside from not doing any cross-realm.)

Moving the auth_to_local directive into the default realm solved the issue - thank you so much! :-)

Best,
Tobias

--
Mit freundlichen Grüßen aus Dortmund,
Tobias Kritten (EXT), Head of Internal IT
________________________________
dogado GmbH
Antonio-Segni-Straße 11
44263 Dortmund


Hotline:        +49 (231) 28 66 200
Fax:    +49 (231) 28 66 20 20
Website:        http://www.dogado.de
Profil auf XING:        http://www.xing.com/companies/dogado
The Cloud Sourcing Blog:        http://www.dogado.de/blog
Twitter:        https://twitter.com/dogado
Facebook:       https://www.facebook.com/dogado
Technischer Support:    support at dogado.de<mailto:support at dogado.de>

Sitz der Gesellschaft: Dortmund Handelsregister: HRB 19737 Amtsgericht Dortmund,
Ust-IdNr: DE249338561 Geschäftsführer: Marcel Chorengel, Daniel Hagemeier, Ralph Cammerrath, Claus Boyens

________________________________