auth_to_local support in Spnego authentication

Open viktorsomogyi opened this issue 2 years ago • 2 comments
10.x, 11.x, 12.x

Currently, ConfigurableSpnegoLoginService.toUserName just strips the realm part of the principal. Complex systems may require mapping principals to local users with MIT Kerberos's auth_to_local rules, which is currently impossible to do in Jetty, and that prevents us from a few use cases where Jetty-hosted APIs are used by other processes.

Although this configuration can be easily configured in krb5.conf, users may use other Kerberos implementations that may or may not implement a similar feature, yet would want to use this mapping. Therefore some other projects like Hadoop have implemented it (here), so I think it'd make sense for Jetty to implement this as well.

viktorsomogyi, Aug 03 '23 09:08

Also, as a very lightweight alternative, we'd be happy even if we could override toUserName to provide this functionality by subclassing ConfigurableSpnegoLoginService.

viktorsomogyi, Aug 03 '23 09:08
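To make the difference between realm stripping and rule-based mapping concrete, here is an added example that is not part of the original issue and is neither Jetty's nor Hadoop's code. It implements a simplified subset of the MIT `auth_to_local` rule syntax (`RULE:[n:format](match)s/pattern/replacement/` and `DEFAULT`); the class name, the rules, and the principals are constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

/** Added illustration: a simplified subset of MIT Kerberos auth_to_local rules. */
public class AuthToLocalExample {
    // RULE:[n:format](match)s/pattern/replacement/ with an optional trailing g
    private static final Pattern RULE = Pattern.compile(
        "RULE:\\[(\\d+):([^\\]]*)\\](?:\\((.*?)\\))?(?:s/([^/]*)/([^/]*)/(g)?)?");

    /** The behaviour the issue describes: drop everything from '@' onwards. */
    static String stripRealm(String principal) {
        int at = principal.indexOf('@');
        return at < 0 ? principal : principal.substring(0, at);
    }

    /** Returns the local user name, or null when no rule maps the principal. */
    static String map(String principal, String defaultRealm, List<String> rules) {
        int at = principal.lastIndexOf('@');
        if (at < 0) return null;
        String realm = principal.substring(at + 1);
        String[] comps = principal.substring(0, at).split("/");
        for (String rule : rules) {
            if (rule.equals("DEFAULT")) {   // only single-component names in the default realm
                if (comps.length == 1 && realm.equals(defaultRealm)) return comps[0];
                continue;
            }
            Matcher m = RULE.matcher(rule);
            if (!m.matches() || Integer.parseInt(m.group(1)) != comps.length) continue;
            String s = m.group(2).replace("$0", realm);   // $0 = realm, $1..$n = components
            for (int i = 0; i < comps.length; i++) s = s.replace("$" + (i + 1), comps[i]);
            if (m.group(3) != null && !s.matches(m.group(3))) continue;
            if (m.group(4) == null) return s;
            Matcher sed = Pattern.compile(m.group(4)).matcher(s);
            String repl = Matcher.quoteReplacement(m.group(5));
            return m.group(6) != null ? sed.replaceAll(repl) : sed.replaceFirst(repl);
        }
        return null;   // unmapped principals are rejected rather than guessed
    }

    public static void main(String[] args) {
        List<String> rules = List.of(   // constructed sample rules
            "RULE:[2:$1@$0](hdfs@EXAMPLE\\.COM)s/.*/svc_hdfs/",
            "RULE:[1:$1@$0](.*@PARTNER\\.EXAMPLE)s/@.*/_partner/",
            "DEFAULT");
        for (String p : List.of("alice@EXAMPLE.COM", "alice@PARTNER.EXAMPLE",
                                "hdfs/node1.example.com@EXAMPLE.COM", "bob/admin@OTHER.REALM"))
            System.out.printf("%-38s strip=%-10s rules=%s%n",
                p, stripRealm(p), map(p, "EXAMPLE.COM", rules));
    }
}
```

With plain realm stripping, the two constructed `alice` principals from different realms end up with the same local name, while the rule set keeps them distinct and leaves the principal from the unlisted realm unmapped.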

This issue has been automatically marked as stale because it has been a full year without activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot], Aug 03 '24 00:08

This issue has been automatically marked as stale because it has been a full year without activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot], Aug 04 '25 00:08