Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix kerberos authentication for the REST API. (#29054)
Previously we assigned kerberos user name directly to the flask user, but this had no chance to work because we expect FAB user there and our security code crash with 'str' has no attribute 'perms'. This PR uses Kerberos username (including the Kerberos realm) to retrieve the user from the security manager. This means that the user name has to have the form of `user_name@KERBEROS_REALM`. The reason why we are not using email (despite similarities of the realm and domain name is that those are often different. Email domain names have often nothing to do the with the realms within organisations, and it seems safer to put fully qualified names including the realm in order to uniquely identify the users in case the organisation uses more than one REALM. Fixes: #28919 Co-authored-by: BMFH <bogner85@mail.ru> Co-authored-by: BMFH <bogner85@mail.ru> (cherry picked from commit 135aef3)
- Loading branch information