Add custom Devise authentication strategy for Kerberos

config/application.rb

@@ -17,6 +17,7 @@ module MsuCourseAlerter
 
     # Custom directories with classes and modules you want to be autoloadable.
     # config.autoload_paths += %W(#{config.root}/extras)
+    config.autoload_paths += %W(#{config.root}/lib)
 
     # Only load the plugins named here, in the order given (default is alphabetical).
     # :all can be used as a placeholder for all plugins not explicitly named.

config/initializers/devise.rb

@@ -223,6 +223,10 @@ Devise.setup do |config|
   #   manager.intercept_401 = false
   #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
   # end
+  config.warden do |manager|
+    manager.strategies.add(:kerb, CustomAuth::Devise::Strategies::Kerb)
+    manager.default_strategies :kerb
+  end
 
   # ==> Mountable engine configurations
   # When using Devise inside an engine, let's call it `MyEngine`, and this engine

lib/custom_auth.rb

@@ -0,0 +1,36 @@
+module CustomAuth
+  module Devise
+    module Strategies
+      class Kerb < ::Devise::Strategies::Base
+        def valid?
+          params[:user] && (params[:user][:username] || params[:user][:password])
+        end
+
+        def authenticate!
+          if check_kerb_auth(params[:username], params[:password])
+            u = User.find(:first, 
+              :conditions => { :username => params[:username] }) || 
+              User.create({ :username => login }
+            )
+          else
+            fail!("Could not log in")
+          end
+        end
+
+        def check_kerb_auth(username, password)
+          require 'krb5_auth'
+          include Krb5Auth
+
+          return false if username.blank? or password.blank?
+
+          begin
+            kerberos = Krb5.new
+            return kerberos.get_init_creds_password(username, password)
+          rescue Krb5Auth::Krb5::Exception
+            return false
+          end
+        end
+      end
+    end
+  end
+end