habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497)

Browse Source 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
natural-hair
2025-01-06 13:11:29 +00:00
committed by GitHub
parent 6b1802697d
commit afb1686be7
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
authentik/sources/kerberos/auth.py
View File

@ -38,7 +38,9 @@ class KerberosBackend(InbuiltBackend):
self, username: str, realm: str | None, password: str, **filters self, username: str, realm: str | None, password: str, **filters
) -> tuple[User | None, KerberosSource | None]: ) -> tuple[User | None, KerberosSource | None]:
sources = KerberosSource.objects.filter(enabled=True) sources = KerberosSource.objects.filter(enabled=True)
user = User.objects.filter(usersourceconnection__source__in=sources, **filters).first() user = User.objects.filter(
usersourceconnection__source__in=sources, username=username, **filters
).first()
if user is not None: if user is not None:
# User found, let's get its connections for the sources that are available # User found, let's get its connections for the sources that are available
@ -77,7 +79,7 @@ class KerberosBackend(InbuiltBackend):
password, sender=user_source_connection.source password, sender=user_source_connection.source
) )
user_source_connection.user.save() user_source_connection.user.save()
return user, user_source_connection.source return user_source_connection.user, user_source_connection.source
# Password doesn't match, onto next source # Password doesn't match, onto next source
LOGGER.debug( LOGGER.debug(
"failed to kinit, password invalid", "failed to kinit, password invalid",