krb_authentication fixes (#6471)

* krb_authentication: remove default principal

krb_authentication_context must be set to the right value to make GSSAPI work; we should not have any default for it outside config files, it could confuse users. We already handle empty/bad context in rcube_imap_generic.php, Net_Sieve, Net_SMTP.

* krb_authentication: config.php.dist fix

GSSAPI is better for searching, since GSS API is not used widely.
host.fqdn@REALM.NAME is actually never used without a service prefix; on the other hand, it may be valid to use 'computername$' or 'username' with Samba/Active Directory. The common name for all of these is 'principal'.

* krb_authentication: raise error on empty context
pull/6476/head
urusha 6 years ago committed by Aleksander Machniak
parent 9284d4a8c9
commit 4920f3ef23

@ -9,7 +9,7 @@
// Unlike $config['default_host'] this must be a string!
$config['krb_authentication_host'] = '';
// GSS API security context.
// GSSAPI security context.
// Single value or an array with per-protocol values. Example:
//
// $config['krb_authentication_context'] = array(
@ -17,4 +17,4 @@ $config['krb_authentication_host'] = '';
// 'smtp' => 'smtp/host.fqdn@REALM.NAME',
// 'sieve' => 'sieve/host.fqdn@REALM.NAME',
// );
$config['krb_authentication_context'] = 'host.fqdn@REALM.NAME';
$config['krb_authentication_context'] = 'principal@REALM.NAME';
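Review bot: The shipped value `'principal@REALM.NAME'` on the last line of this hunk is still a non-empty placeholder, so a config.php copied from the dist file unchanged will pass the new `empty($context)` check added in krb_authentication.php and only fail later, during GSSAPI negotiation. Consider shipping an empty string here, as is already done for `$config['krb_authentication_host'] = '';`, so that an unconfigured install hits the explicit "Empty GSSAPI context." error instead. The placeholder also has no service prefix, while the per-protocol examples just above it use `smtp/host.fqdn@REALM.NAME` and `sieve/host.fqdn@REALM.NAME`; a short comment saying which forms are acceptable for the single-value case would help.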

@ -146,6 +146,10 @@ class krb_authentication extends rcube_plugin
$context = $context[$protocol];
}
return $context ?: 'host.fqdn@REALM.NAME';
if (empty($context)) {
rcube::raise_error("Empty GSSAPI context.", true);
}
return $context;
}
}
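Review bot: The message in `rcube::raise_error("Empty GSSAPI context.", true);` names neither the protocol being looked up nor the option that is missing, which makes the log entry hard to act on when the context is a per-protocol array with one key absent. Suggest including `$protocol` and the name `krb_authentication_context` in the text. Also, the line after the check is an unconditional `return $context;`, so unless this call terminates the request, the empty value is still handed to the caller; the commit message says the IMAP, Sieve and SMTP code already handles that, and a one-line comment here stating so would make the fall-through clearly intentional.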
