Description of problem: The remote_user variable used by many scripts contains the REALM variable. I know that this can be useful in many situtations but is hindering others. In belief of options I am attaching a patch that adds the KrbStripRealm argument that allows a user to strip the realm from the username sent to scripts.
Created attachment 305508 [details] Kerberos Strip Realm patch for mod_auth_kerb
Thanks--I at least will find this useful eg for LDAP group authorization for svn. Should be invaluable for FreeIPA. Is there any interest in integrating this upstream?
Upstream seems inclined to move this functionality into a (new) separate module, mod_user_map, which is still under development: http://article.gmane.org/gmane.comp.apache.mod-auth-kerb.general/1842 this seems like a reasonable approach; we could include the module in the mod_auth_kerb package once it's complete.
mod_auth_kerb version 5.4 includes this feature (released December 2008) exposed as the apache directive KrbLocalUserMapping. From the 5.4 Changelog: * implemented KrbLocalUserMapping i.e. to strip @REALM from username for further use I have compiled and am running mod_auth_kerb 5.4 with the version of Apache provided by the Red Hat 5 repositories without any issues so far. Please update your packages with a modern version of mod_auth_kerb. Why does Red Hat run a version of this software that was released in 2005? What is the standard process for updating software in the software repositories? What can be done to revise this process so that the software is maintained with current software?
You can safely close this bug, as Comment 4 suggests.
When will mod_auth_kerb 5.4 be added as a package for "Red Hat Enterprise Linux Server release 5.3 (Tikanga)"?
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. This request will be considered in a future release of Red Hat Enterprise Linux.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0078.html