Don't reuse Kerberos ticket (#1389)
This commit is contained in:
parent
c833a18939
commit
b24503b636
|
@ -1,3 +1,4 @@
|
|||
|
||||
* Minimal authn level system (choice only)
|
||||
* (2ndF/OTP mail)
|
||||
* Combination/Choice for password (using session data)
|
||||
|
|
|
@ -33,6 +33,13 @@ sub init {
|
|||
|
||||
sub extractFormInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
|
||||
if ( $req->datas->{_krbUser} ) {
|
||||
$self->logger->debug( 'Kerberos ticket already validated for '
|
||||
. $req->datas->{_krbUser} );
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
my $auth = $req->env->{HTTP_AUTHORIZATION};
|
||||
unless ($auth) {
|
||||
|
||||
|
@ -138,7 +145,7 @@ sub extractFormInfo {
|
|||
return PE_ERROR;
|
||||
}
|
||||
$self->userLogger->notice("$client_name authentified by Kerberos");
|
||||
$req->{_krbUser} = $client_name;
|
||||
$req->datas->{_krbUser} = $client_name;
|
||||
if ( $self->conf->{krbRemoveDomain} ) {
|
||||
$client_name =~ s/^(.*)@.*$/$1/;
|
||||
}
|
||||
|
@ -157,7 +164,7 @@ sub authLogout {
|
|||
sub setAuthSessionInfo {
|
||||
my ( $self, $req ) = @_;
|
||||
$req->{sessionInfo}->{authenticationLevel} = $self->conf->{krbAuthnLevel};
|
||||
$req->{sessionInfo}->{_krbUser} = $req->{_krbUser};
|
||||
$req->{sessionInfo}->{_krbUser} = $req->datas->{_krbUser};
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue