 |
sschot.png (20,334 bytes) |
 |
I understand the problem but don't have a good solution for it at the moment. |
 |
Hi, I guess you're using mod_auth_kerb on Apache? How about setting KrbLocalUserMapping On (available since version 5.4 IIRC). If the version is too old for that and my guess about Apache is correct, maybe you can install the mod_map_user module and put something like that MapUsernameRule x(.*)@(.*) "$1" in the configuration? Best regards Max |
|
|
Do users authenticate within only one domain? |
|
|
Barbarossa, thanks for the proposal, will test it now infrastation, yes, users authenticate from only one domain. It's some kind of workaround, but I think it should work for 60-70% of cases |
|
|
Barbarossa, thanks, the solution with KrbLocalUserMapping works! infrastation, why not just exclude @ from prohibited symbols in 'allow' directive? |
 |
Could a solution be something like rewriting the username if it contains an "@" by replacing it with something like "(at)". We have been using another piece of software where we had to manually add a few lines that would take the username attribute from our CAS solution and rewrite it from "user@dom.ai.n" to "user(at)dom.ai.n". In other solutions we were forced to use "_" og "-" instead of "\" or "@" when authenticating against our AD. It is a hack of sorts but it would possible to handle. |
- Anonymous
