From 971cc176b582a91e205493dc554d0f10d5c78b28 Mon Sep 17 00:00:00 2001
From: jankaspar <2270833+jankaspar@users.noreply.github.com>
Date: Wed, 18 Nov 2020 09:56:29 +0000
Subject: [PATCH] Add temporary fix for python sspi with kerberos auth. (#459)

---
 internal/armada/authorization/kerberos.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/armada/authorization/kerberos.go b/internal/armada/authorization/kerberos.go
index 0956d65f5cc..9df3262df09 100644
--- a/internal/armada/authorization/kerberos.go
+++ b/internal/armada/authorization/kerberos.go
@@ -105,7 +105,9 @@ func (authService *KerberosAuthService) Authenticate(ctx context.Context) (Princ
 			user := adCredentials.EffectiveName + authService.userNameSuffix
 			groups := adCredentials.GroupMembershipSIDs
 
-			_ = grpc.SetHeader(ctx, metadata.Pairs(spnego.HTTPHeaderAuthResponse, spnegoNegTokenRespKRBAcceptCompleted))
+			// Original library sets ticket accepted header here, but this breaks python request-negotiate-sspi module
+			// removing the header as workaround before moving away from kerberos
+			// _ = grpc.SetHeader(ctx, metadata.Pairs(spnego.HTTPHeaderAuthResponse, spnegoNegTokenRespKRBAcceptCompleted))
 			return NewStaticPrincipal(user, groups), nil
 		}
 		log.Error("Failed to read ad credentials")