Bug 446670

Summary: [RFE] Include apache directive 'KrbLocalUserMapping' in 'mod_auth_kerb'
Product: Red Hat Enterprise Linux 5 Reporter: Tomas Edwardsson <tommi>
Component: mod_auth_kerbAssignee: Joe Orton <jorton>
Status: CLOSED ERRATA QA Contact: Zbysek MRAZ <zmraz>
Severity: high Docs Contact:
Priority: high    
Version: 5.4CC: axton.grams, azelinka, cww, ebenes, jentrena, jkodak, luvilla, mb--redhat, mpoole, plambri, rdassen, tao, troels
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: mod_auth_kerb-5.1-5.el5 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-08 07:31:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 554476, 729781, 806907    
Attachments:
Description Flags
Kerberos Strip Realm patch for mod_auth_kerb none

Description Tomas Edwardsson 2008-05-15 16:28:39 UTC 
Description of problem:
The remote_user variable used by many scripts contains the REALM variable. I
know that this can be useful in many situtations but is hindering others. In
belief of options I am attaching a patch that adds the KrbStripRealm argument
that allows a user to strip the realm from the username sent to scripts.
Comment 1 Tomas Edwardsson 2008-05-15 16:28:39 UTC 
Created attachment 305508 [details]
Kerberos Strip Realm patch for mod_auth_kerb
Comment 2 Matt Bernstein 2008-06-30 08:00:18 UTC 
Thanks--I at least will find this useful eg for LDAP group authorization for
svn. Should be invaluable for FreeIPA.

Is there any interest in integrating this upstream?
Comment 3 Joe Orton 2008-07-15 13:52:26 UTC 
Upstream seems inclined to move this functionality into a (new) separate module,
mod_user_map, which is still under development:

http://article.gmane.org/gmane.comp.apache.mod-auth-kerb.general/1842

this seems like a reasonable approach; we could include the module in the
mod_auth_kerb package once it's complete.
Comment 4 Axton Grams 2009-10-28 01:56:24 UTC 
mod_auth_kerb version 5.4 includes this feature (released December 2008) exposed as the apache directive KrbLocalUserMapping.

From the 5.4 Changelog:
* implemented KrbLocalUserMapping i.e. to strip @REALM from username for further use

I have compiled and am running mod_auth_kerb 5.4 with the version of Apache provided by the Red Hat 5 repositories without any issues so far.

Please update your packages with a modern version of mod_auth_kerb.  Why does Red Hat run a version of this software that was released in 2005?  What is the standard process for updating software in the software repositories?  What can be done to revise this process so that the software is maintained with current software?
Comment 5 Tomas Edwardsson 2010-02-16 22:26:33 UTC 
You can safely close this bug, as Comment 4 suggests.
Comment 6 Axton Grams 2010-06-02 16:08:43 UTC 
When will mod_auth_kerb 5.4 be added as a package for "Red Hat Enterprise Linux Server release 5.3 (Tikanga)"?
Comment 8 RHEL Program Management 2010-08-09 19:14:37 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 10 RHEL Program Management 2011-05-31 14:30:35 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 12 RHEL Program Management 2011-09-23 00:33:11 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 21 Jake Kodak 2012-05-25 19:36:16 UTC 
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. This request will be considered in a future release of Red Hat Enterprise Linux.
Comment 28 errata-xmlrpc 2013-01-08 07:31:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0078.html