Remove timfel-krb5-auth gem
Problem
Based on this comment from @bdenkovych it looks like timfel-krb5-auth
gem is no longer needed and the gem is not actively maintained either. So, it is better from a security perspective to remove it.
Related to REMOVAL - omniauth-kerberos gem may be unmainta... (#2908 - closed)
Proposal
Remove timfel-krb5-auth
gem from our codebase for aforementioned reasons.
/cc @bdenkovych @ifarkas @hsutor
In %15.0 we removed omniauth-kerberos
gem to remove support for password-based Kerberos sign-ins. "Kerberos SPNEGO" is still supported. timfel-krb5-auth
gem is used for omniauth-kerberos
integration. So we can remove this from our codebase. We decided to do it as a follow-up to make any potential regression for "Kerberos SPNEGO" easily identifiable and reversible. Those 2 integrations shared a common code.
Actions need to be done
- Remove usage of
timfel-krb5-auth
gem in the codebase- Remove the gem from Gemfile
- Remove entire
ee/lib/gitlab/kerberos/authentication.rb
- Remove file
ee/lib/ee/gitlab/auth/o_auth/auth_hash.rb
- Revisit affected specs and either remove or fix them