summaryrefslogtreecommitdiffstats
path: root/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java')
-rw-r--r--src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
index b6d233cf..06444606 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshKrbAuthenticator.java
@@ -54,10 +54,7 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
public boolean validateIdentity(ServerSession session, String identity) {
log.info("identify with kerberos {}", identity);
SshDaemonClient client = session.getAttribute(SshDaemonClient.KEY);
- if (client.getUser() != null) {
- log.info("{} has already authenticated!", identity);
- return true;
- }
+
String username = identity.toLowerCase(Locale.US);
if (stripDomain) {
int p = username.indexOf('@');
@@ -67,6 +64,7 @@ public class SshKrbAuthenticator extends GSSAuthenticator {
}
UserModel user = authManager.authenticate(username);
if (user != null) {
+// TODO: Check if the user was set in the client and if it is the same as this user. Do not allow changing the user during the SSH auth process.
client.setUser(user);
return true;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-15 13:04:51 +0000