When TWiki release 4.2 is used with TWiki::LoginManager::ApacheLogin and Apache is configured for Kerberos authentication (auth_kerb module), Apache gives the logged-in REMOTEUSER in the format 'username@realm'. TWiki expects the REMOTEUSER to be in the format 'username'. There seem to be no configuration options to set this correctly.
The workaround is to patch the lib/TWiki/Users.pm file and simply strip the realm part of the REMOTEUSER variable. The patch is added to the report.
A cleaner solution would be to have a configuration option for the ApacheLogin module, which could perhaps specify a REMOTEUSER format.
I'll take a look at it, as I'm using email addresses as the login for a project I'm doing right now.
- 28 Mar 2008
I don't understand why you need to strip off the realm. I'm using email addresses as is, and it seems to be working. All I needed to do is adjust the LoginNameFilter to remove the , and everything seems happy. Any chance you can confirm why you can't?
- 31 Mar 2008
Right, I should have explained more. I need to map the users to the LDAP directory with LdapContrib as well. The right attribute to do that would be userPrincipalName, but unfortunately this attribute uses a different domain and doesn't match. E-mail addresses are in the long format (firstname.lastname@domainNOSPAM.com) and also do not match.
Which leaves me with patching the Users.pm.
- 02 Apr 2008
Aha, that makes a lot more sense to me.
I have the vague feeling there are other ways to do it, but I need to ponder.
Harald would do that change in LocalLib.cfg or something equally trixy (insert link here) - maybe we should write a howto/blog on that and see how it goes.
- 03 Apr 2008
This issue might be connected to, or already solved by, http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/Item4771
There seems to be an attachment, which is called KerberosLogin.pm and which seems to be a much cleaner solution.
- 11 Apr 2008
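
The realm-stripping workaround from the report, sketched as an added example (this is not TWiki code and not the patch attached to the report). It strips the realm only for an explicitly trusted realm, so that the same name arriving from a different realm is not silently mapped to the same wiki user. The function name `login_from_principal`, the realm list and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Realms whose principals may be mapped to a bare login name.
# Constructed value; replace with the realm(s) your KDC actually serves.
my %TRUSTED_REALM = map { $_ => 1 } qw(EXAMPLE.COM);

# Hypothetical helper: returns the bare login name for a principal from a
# trusted realm, or nothing when the value must not be mapped to a user.
sub login_from_principal {
    my ($remote_user) = @_;
    return unless defined $remote_user;

    # Trim whitespace around the value handed over by the web server.
    $remote_user =~ s/^\s+|\s+$//g;

    # Require exactly one '@'. The name part is limited to characters that
    # are safe in a login name, which also rejects service or instance
    # principals such as "host/web@REALM".
    my ($name, $realm) =
        $remote_user =~ /\A([A-Za-z0-9._-]+)\@([A-Za-z0-9.-]+)\z/
        or return;

    # Kerberos realm names are case-sensitive, so compare exactly.
    return unless $TRUSTED_REALM{$realm};

    return $name;
}

# Constructed sample values: one trusted principal and several that a
# blind "strip everything after @" would have accepted or mishandled.
for my $value ('jdoe@EXAMPLE.COM', ' jdoe@EXAMPLE.COM ', 'jdoe@OTHER.EXAMPLE',
               'jdoe@example.com', 'host/web@EXAMPLE.COM', 'jdoe') {
    my $login = login_from_principal($value);
    printf "%-26s => %s\n", "'$value'", defined $login ? $login : 'REJECTED';
}
```

A value without a realm is rejected here because it is not what the Kerberos setup in the report delivers; a site that mixes authentication methods would need to decide that case separately.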