Merge branch 'topic/pr-934' into develop

2 files changed, 16 insertions, 0 deletions

diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties
index f88407f4..4606f5fc 100644
--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -154,6 +154,12 @@ git.sshKrb5Keytab =
 # SINCE 1.7.0
 git.sshKrb5ServicePrincipalName = 
 
+# Strip the domain suffix from a kerberos username.
+# e.g. james@bigbox would be "james"
+#
+# SINCE 1.7.0
+git.sshKrb5StripDomain = true
+
 # SSH backend NIO2|MINA.
 #
 # The Apache Mina project recommends using the NIO2 backend.
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index 4afc00fc..b6d233cf 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -31,6 +31,8 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
 
 	protected final Logger log = LoggerFactory.getLogger(getClass());
 	protected final IAuthenticationManager authManager;
+	protected final boolean stripDomain;
+
 
 	public SshKrbAuthenticator(IStoredSettings settings, IAuthenticationManager authManager) {
 		this.authManager = authManager;
@@ -44,6 +46,8 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
 		if(! servicePrincipalName.isEmpty()) {
 			setServicePrincipalName(servicePrincipalName);
 		}
+
+		this.stripDomain = settings.getBoolean(Keys.git.sshKrb5StripDomain, false);
 	}
 
 	@Override
@@ -55,6 +59,12 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
 			return true;
 		}
 		String username = identity.toLowerCase(Locale.US);
+		if (stripDomain) {
+			int p = username.indexOf('@');
+			if (p > 0) {
+				username = username.substring(0, p);
+			}
+		}
 		UserModel user = authManager.authenticate(username);
 		if (user != null) {
 			client.setUser(user);