sources/kerberos: authenticate with the user's username instead of the first username in authentik (cherry-pick #12497) (#12579)
sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497) Co-authored-by: natural-hair <github@natural-hair.net> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
gcp-cherry-pick-bot[bot]
committed by
GitHub
GitHub
parent
96b5bee912
commit
9a1c76efe7
@ -38,7 +38,9 @@ class KerberosBackend(InbuiltBackend):
|
|||||||
self, username: str, realm: str | None, password: str, **filters
|
self, username: str, realm: str | None, password: str, **filters
|
||||||
) -> tuple[User | None, KerberosSource | None]:
|
) -> tuple[User | None, KerberosSource | None]:
|
||||||
sources = KerberosSource.objects.filter(enabled=True)
|
sources = KerberosSource.objects.filter(enabled=True)
|
||||||
user = User.objects.filter(usersourceconnection__source__in=sources, **filters).first()
|
user = User.objects.filter(
|
||||||
|
usersourceconnection__source__in=sources, username=username, **filters
|
||||||
|
).first()
|
||||||
|
|
||||||
if user is not None:
|
if user is not None:
|
||||||
# User found, let's get its connections for the sources that are available
|
# User found, let's get its connections for the sources that are available
|
||||||
@ -77,7 +79,7 @@ class KerberosBackend(InbuiltBackend):
|
|||||||
password, sender=user_source_connection.source
|
password, sender=user_source_connection.source
|
||||||
)
|
)
|
||||||
user_source_connection.user.save()
|
user_source_connection.user.save()
|
||||||
return user, user_source_connection.source
|
return user_source_connection.user, user_source_connection.source
|
||||||
# Password doesn't match, onto next source
|
# Password doesn't match, onto next source
|
||||||
LOGGER.debug(
|
LOGGER.debug(
|
||||||
"failed to kinit, password invalid",
|
"failed to kinit, password invalid",
|
||||||
|
|||||||
Reference in New Issue
Block a user