Populate krb_principal_name from GSS_NAME env variablegss_name

mod_auth_gssapi provides by default the local name in REMOTE_USER and the full principal in GSS_NAME. Grab a copy of that principal for krb_principal_name. https://fedorahosted.org/ipsilon/ticket/115 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
author: Rob Crittenden <rcritten@redhat.com> 2015-04-22 17:29:25 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2015-04-22 17:30:36 -0400
commit: 7aa35b9af97acad9c8ebb7c384bb131a62f05c24 (patch)
tree: fe3830e27c3f644d28460d4780fe36bb139e55e3
parent: bf5398120e33ff3e88d7b3794c9437e7e75ee369 (diff)
download: ipsilon.git-gss_name.tar.gz
ipsilon.git-gss_name.tar.xz
ipsilon.git-gss_name.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 6fc0c53..dbb531a 100644
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -42,7 +42,11 @@ class KrbAuth(LoginPageBase):
         us.remote_login()
         self.user = us.get_user()
         if not self.user.is_anonymous:
-            userdata = {'krb_principal_name': self.user.name}
+            principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None)
+            if principal:
+                userdata = {'krb_principal_name': principal}
+            else:
+                userdata = {'krb_principal_name': self.user.name}
             return self.lm.auth_successful(trans, self.user.name,
                                            'krb', userdata)
         else:
author	Rob Crittenden <rcritten@redhat.com>	2015-04-22 17:29:25 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2015-04-22 17:30:36 -0400
commit	7aa35b9af97acad9c8ebb7c384bb131a62f05c24 (patch)
tree	fe3830e27c3f644d28460d4780fe36bb139e55e3
parent	bf5398120e33ff3e88d7b3794c9437e7e75ee369 (diff)
download	ipsilon.git-gss_name.tar.gz ipsilon.git-gss_name.tar.xz ipsilon.git-gss_name.zip