When using the krb_authenticate plugin and the user either clicks "logout" or their Roundcube session expires, they are shown the login screen. Apparently the old session hasn't been cleaned up yet when the plugin's startup hook is called?
I don't think there is a case when showing the login screen to a GSSAPI/Kerberos user is useful, since the user is effectively permanently "logged in" with HTTP authentication. I'm currently using the following hack as a workaround (basically, redirect back to the current page to make krb_authenticate notice that the session is gone), but is there a cleaner way to do this?
--- roundcubemail-1.3.6/plugins/krb_authentication/krb_authentication.php 2018-04-11 14:13:46.000000000 +0300
+++ krb_authentication.php 2018-05-27 16:26:03.938956008 +0300
@@ -24,6 +24,7 @@
$this->add_hook('authenticate', array($this, 'authenticate'));
$this->add_hook('login_after', array($this, 'login'));
$this->add_hook('storage_connect', array($this, 'storage_connect'));
+ $this->add_hook('logout_after', array($this, 'logout_after'));
}
/**
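Review bot: The added add_hook('logout_after', ...) line registers the handler unconditionally alongside the existing hooks, so a site that enables this plugin cannot keep the normal logout page. Consider registering it only when a plugin config option is set (the option name is up to you), so redirect-on-logout is opt-in, and document the option with the plugin.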
@@ -104,6 +105,21 @@
exit;
}
+ return $args;
+ }
+
+ /**
+ * logout_after hook handler
+ * If the user seems to have valid Kerberos credentials, redirect
+ * to current page to invoke the startup hook.
+ */
+ function logout_after($args)
+ {
+ if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['KRB5CCNAME'])) {
+ header('Location: ./');
+ exit;
+ }
+
return $args;
}
}
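Review bot: The condition in logout_after() only tests that $_SERVER['REMOTE_USER'] and $_SERVER['KRB5CCNAME'] are non-empty, while the docblock speaks of "valid Kerberos credentials"; nothing in this hunk confirms the credentials are still usable, so if the login attempted after the redirect fails, the user may end up in a redirect cycle. Reword the comment to say what is actually checked and consider a loop guard, for example a one-shot marker on the redirect target. Separately, header('Location: ./'); exit; ends the request inside the hook, so any logout_after handler from another plugin that runs later is skipped on that path, and the raw relative Location header bypasses whatever redirect helper the application provides; prefer that helper if one exists.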