REMOTE_USER variable and interoperability with mod_authnz_ldap #273
Description
Hi.
I have a question regarding REMOTE_USER variable. It seems that mod_auth_gssapi always 'wins' in setting this var when used together with mod_authnz_ldap. Is it technically possible to somehow prevent it from having a final say?
So it would set REMOTE_USER at authentication phase, but allow mod_authnz_ldap to override it down the line?
Use case: clients come with ${sAMAccountName}@${domain} principals, but service behind apache expects ${userPrincipalName} in REMOTE_USER. For some users those values do not match (and case always does not match). I would like mod_auth_gssapi to do authentication, and allow mod_authnz_ldap to canonicalize REMOTE_USER later. But currently resulting value always comes from mod_auth_gssapi, I can not even override it with SetEnv.