src/main/distrib/data/defaults.properties | ●●●●● patch | view | raw | blame | history | |
src/main/java/com/gitblit/transport/ssh/SshDaemon.java | ●●●●● patch | view | raw | blame | history | |
src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java | ●●●●● patch | view | raw | blame | history |
src/main/distrib/data/defaults.properties
@@ -148,6 +148,11 @@ # SINCE 1.7.0 git.sshKrb5Keytab = "" # Strip domain from kerberos usernamae. # # SINCE 1.7.0 git.sshKrb5StripDomain = "true" # The service principal name to be used for Kerberos5. The default is host/hostname. # # SINCE 1.7.0 src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -133,7 +133,7 @@ //Will do GSS ? GSSAuthenticator gssAuthenticator = null; if(settings.getBoolean(Keys.git.sshWithKrb5, false)) { gssAuthenticator = new SshKrbAuthenticator(gitblit); gssAuthenticator = new SshKrbAuthenticator(gitblit, settings.getBoolean(Keys.git.sshKrb5StripDomain, false)); String keytabString = settings.getString(Keys.git.sshKrb5Keytab, ""); if(! keytabString.isEmpty()) { src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -27,10 +27,12 @@ protected final Logger log = LoggerFactory.getLogger(getClass()); protected final IAuthenticationManager authManager; protected final boolean stripDomain; public SshKrbAuthenticator(IAuthenticationManager authManager) { public SshKrbAuthenticator(IAuthenticationManager authManager, boolean stripDomain) { this.authManager = authManager; log.info("registry {}", authManager); this.stripDomain = stripDomain; log.info("registry {}", authManager); } public boolean validateIdentity(ServerSession session, String identity) { @@ -41,6 +43,11 @@ return true; } String username = identity.toLowerCase(Locale.US); if (stripDomain) { int p = username.indexOf('@'); if (p > 0) username = username.substring(0, p); } UserModel user = authManager.authenticate(username); if (user != null) { client.setUser(user);