I’m not sure how exactly to phrase this, but I hope I can get my point
across. I don’t have a hack yet, but I’d like to try and set up a
seamless system to do the following:
Using mod_auth_kerb with apache1, I’m currently able to get users to log
in that have never touched RT before. It creates the user, but of course
no email address. I’d like to take their kerberos principal and use it to
formulate a default email address (firstname.lastname@example.org). I’d also
like users that are created via web logins to be unpriviledged by default
so that they’d automatically get the self service ui: currently they get
the default home page, even though they have no access to anything.
My only other issue is that if users email in a request, and that system
creates an account for them, the kerb account won’t match (and, in fact,
won’t allow concurrent use of a single email address), and the charade is
over. I really would like to avoid any steps for the admin on a
per-account basis to get this to work.
Is this a pipe dream?
VLSI Research System Administrator
University of Washington
Electrical Engineering Dept
206/543.2523 EE/CSE 307E