William Muriithi wrote on Tue, Mar 07, 2017 at 19:02:39 -0500: > After making the necessary changes to work with kerberos, users were > able to authenticate well but I noticed the users ID now had kerberos > REALM. So instead of william, the username changed to > will...@eng.example.com. This was a problem because users started > having locking issue, but also meant authorisation was broken. > > To fix this, I added "KrbLocalUserMapping On" on apache > configuration. However, some user started having problem > authenticating.I am certain the problem involve LocalUserMapping as I > had the same experience yesterday and the problem cleared after > commenting out. I have been unable to find the root cause and had to > reverse the change. > > Have anyone seem such a problem before? Would be grateful for any pointer.
Subversion is really incidental here; if your question is how to cause mod_kerberos not to include @foo in the authenticate usernames it reports, try asking that on the httpd/kerberos forums.
