Bug 446670 - [RFE] Include apache directive 'KrbLocalUserMapping' in 'mod_auth_kerb'
[RFE] Include apache directive 'KrbLocalUserMapping' in 'mod_auth_kerb'
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: mod_auth_kerb (Show other bugs)
5.4
All Linux
high Severity high
: rc
: ---
Assigned To: Joe Orton
Zbysek MRAZ
: FutureFeature, Triaged
Depends On:
Blocks: 554476 729781 806907
  Show dependency treegraph
 
Reported: 2008-05-15 12:28 EDT by Tomas Edwardsson
Modified: 2013-07-03 09:08 EDT (History)
13 users (show)

See Also:
Fixed In Version: mod_auth_kerb-5.1-5.el5
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-08 02:31:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Kerberos Strip Realm patch for mod_auth_kerb (2.12 KB, patch)
2008-05-15 12:28 EDT, Tomas Edwardsson
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 22194 None None None Never

  None (edit)
Description Tomas Edwardsson 2008-05-15 12:28:39 EDT
Description of problem:
The remote_user variable used by many scripts contains the REALM variable. I
know that this can be useful in many situtations but is hindering others. In
belief of options I am attaching a patch that adds the KrbStripRealm argument
that allows a user to strip the realm from the username sent to scripts.
Comment 1 Tomas Edwardsson 2008-05-15 12:28:39 EDT
Created attachment 305508 [details]
Kerberos Strip Realm patch for mod_auth_kerb
Comment 2 Matt Bernstein 2008-06-30 04:00:18 EDT
Thanks--I at least will find this useful eg for LDAP group authorization for
svn. Should be invaluable for FreeIPA.

Is there any interest in integrating this upstream?
Comment 3 Joe Orton 2008-07-15 09:52:26 EDT
Upstream seems inclined to move this functionality into a (new) separate module,
mod_user_map, which is still under development:

http://article.gmane.org/gmane.comp.apache.mod-auth-kerb.general/1842

this seems like a reasonable approach; we could include the module in the
mod_auth_kerb package once it's complete.
Comment 4 Axton Grams 2009-10-27 21:56:24 EDT
mod_auth_kerb version 5.4 includes this feature (released December 2008) exposed as the apache directive KrbLocalUserMapping.

From the 5.4 Changelog:
* implemented KrbLocalUserMapping i.e. to strip @REALM from username for further use

I have compiled and am running mod_auth_kerb 5.4 with the version of Apache provided by the Red Hat 5 repositories without any issues so far.

Please update your packages with a modern version of mod_auth_kerb.  Why does Red Hat run a version of this software that was released in 2005?  What is the standard process for updating software in the software repositories?  What can be done to revise this process so that the software is maintained with current software?
Comment 5 Tomas Edwardsson 2010-02-16 17:26:33 EST
You can safely close this bug, as Comment 4 suggests.
Comment 6 Axton Grams 2010-06-02 12:08:43 EDT
When will mod_auth_kerb 5.4 be added as a package for "Red Hat Enterprise Linux Server release 5.3 (Tikanga)"?
Comment 8 RHEL Product and Program Management 2010-08-09 15:14:37 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 10 RHEL Product and Program Management 2011-05-31 10:30:35 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 12 RHEL Product and Program Management 2011-09-22 20:33:11 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 21 Jake Kodak 2012-05-25 15:36:16 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. This request will be considered in a future release of Red Hat Enterprise Linux.
Comment 28 errata-xmlrpc 2013-01-08 02:31:57 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0078.html

Note You need to log in before you can comment on or make changes to this bug.