From e5a7774427adf44c2100c5535aca569f938e7c2d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 22 Apr 2015 17:29:25 -0400 Subject: [PATCH] Populate krb_principal_name from GSS_NAME env var mod_auth_gssapi provides by default the local name in REMOTE_USER and the full principal in GSS_NAME. Grab a copy of that principal for krb_principal_name. https://fedorahosted.org/ipsilon/ticket/115 Signed-off-by: Rob Crittenden Reviewed-by: Simo Sorce --- ipsilon/login/authkrb.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py index 6fc0c53..dbb531a 100644 --- a/ipsilon/login/authkrb.py +++ b/ipsilon/login/authkrb.py @@ -42,7 +42,11 @@ class KrbAuth(LoginPageBase): us.remote_login() self.user = us.get_user() if not self.user.is_anonymous: - userdata = {'krb_principal_name': self.user.name} + principal = cherrypy.request.wsgi_environ.get('GSS_NAME', None) + if principal: + userdata = {'krb_principal_name': principal} + else: + userdata = {'krb_principal_name': self.user.name} return self.lm.auth_successful(trans, self.user.name, 'krb', userdata) else: -- 2.20.1