mod_auth_gssapi gives us access to the local name via REMOTE_USER and the full principal via GSS_NAME. GSS_NAME can be used to provide the Kerberos NameID.
Fields changed
milestone: => 1.0
owner: => rcritten status: new => accepted
If GSS_NAME is set then save it as krb_principal_name, otherwise fall back to the current user name. Assuming mod_auth_gssapi is always used for Kerberos auth this should always just work, but having a failsafe will prevent a traceback.
Patch in my gss_name review branch.
patch_available: 0 => 1
master: e5a7774
resolution: => fixed status: accepted => closed
rhbz: => 0
Metadata Update from @nkinder: - Issue assigned to rcritten - Issue set to the milestone: 1.0
Login to comment on this ticket.