On 12/02/2010 07:16 AM, Jon Stanley wrote:
I've successfully setup Koji with Kerberos authentication. The
issue
with this is that for notifications, it seems to expect usernames to
be valid email addresses - our krb5 principals have nothing to do with
any email address. There should be a way to specify what email to use
(or a mapping of usernames to email). I guess I could setup postfix
locally with an aliases file, but that seems like an ugly hack :(
Something like this has been nagging my subconscious for a long time.
The major koji instances I'm involved have not had this issue, so I've
been lulled into complacency.
I guess I should point out that it's not so much a mapping between krb5
username and email as /koji/ username and email. It's just that koji
makes the koji username match the krb5 username by default (particularly
when LoginCreatesUser is on). If your email addresses are all in the
same domain, then could turn off LoginCreatesUser and have the admins
create the users with username matching the email and an explicit
krb_principal.