From 73c60e2df7ac240ddd847568e782a9b06f3ea520 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 9 Oct 2014 11:30:25 -0400
Subject: [PATCH] Fix mod_auth_kerb based authentication

Recent changes in how self.user is populated broke krb based auth.
Explicitly check the remote user in the module to fix it.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 ipsilon/login/authkrb.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 5f2d682..965d018 100755
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -21,6 +21,7 @@ from ipsilon.login.common import LoginPageBase, LoginManagerBase
 from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
 from ipsilon.util.trans import Transaction
+from ipsilon.util.user import UserSession
 from string import Template
 import cherrypy
 import os
@@ -40,7 +41,10 @@ class KrbAuth(LoginPageBase):
         trans = Transaction('login', **kwargs)
         # If we can get here, we must be authenticated and remote_user
         # was set. Check the session has a user set already or error.
-        if self.user and self.user.name:
+        us = UserSession()
+        us.remote_login()
+        self.user = us.get_user()
+        if not self.user.is_anonymous:
             userdata = {'krb_principal_name': self.user.name}
             return self.lm.auth_successful(trans, self.user.name,
                                            'krb', userdata)
-- 
2.20.1