diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-04-22 17:29:25 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-27 11:51:24 -0400 |
commit | e5a7774427adf44c2100c5535aca569f938e7c2d (patch) | |
tree | 5b16d6586a25aeb0f71b21cd8cecd67dd92148d3 | |
parent | 44f663ac7dc5a6f28b25b083a21f6d9e912cff92 (diff) | |
download | ipsilon-e5a7774427adf44c2100c5535aca569f938e7c2d.tar.gz ipsilon-e5a7774427adf44c2100c5535aca569f938e7c2d.tar.xz ipsilon-e5a7774427adf44c2100c5535aca569f938e7c2d.zip |
Populate krb_principal_name from GSS_NAME env var
mod_auth_gssapi provides by default the local name in
REMOTE_USER and the full principal in GSS_NAME. Grab a
copy of that principal for krb_principal_name.
https://fedorahosted.org/ipsilon/ticket/115
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | ipsilon/login/authkrb.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py index 6fc0c53..dbb531a 100644 --- a/ipsilon/login/authkrb.py +++ b/ipsilon/login/authkrb.py @@ -42,7 +42,11 @@ class KrbAuth(LoginPageBase): us.remote_login() self.user = us.get_user() if not self.user.is_anonymous: - userdata = {'krb_principal_name': self.user.name} + principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None) + if principal: + userdata = {'krb_principal_name': principal} + else: + userdata = {'krb_principal_name': self.user.name} return self.lm.auth_successful(trans, self.user.name, 'krb', userdata) else: |