sources/kerberos: authenticate with the user's username instead of th…

…e first username in authentik (cherry-pick #12497) (#12579) sources/kerberos: authenticate with the user's username instead of the first username in authentik (#12497) Co-authored-by: natural-hair <github@natural-hair.net> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
goauthentik · Jan 6, 2025 · 9a1c76e · 9a1c76e
1 parent 96b5bee
commit 9a1c76e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/authentik/sources/kerberos/auth.py b/authentik/sources/kerberos/auth.py
@@ -38,7 +38,9 @@ def auth_user(
         self, username: str, realm: str | None, password: str, **filters
     ) -> tuple[User | None, KerberosSource | None]:
         sources = KerberosSource.objects.filter(enabled=True)
-        user = User.objects.filter(usersourceconnection__source__in=sources, **filters).first()
+        user = User.objects.filter(
+            usersourceconnection__source__in=sources, username=username, **filters
+        ).first()
 
         if user is not None:
             # User found, let's get its connections for the sources that are available
@@ -77,7 +79,7 @@ def auth_user(
                         password, sender=user_source_connection.source
                     )
                     user_source_connection.user.save()
-                return user, user_source_connection.source
+                return user_source_connection.user, user_source_connection.source
             # Password doesn't match, onto next source
             LOGGER.debug(
                 "failed to kinit, password invalid",