gokrb5.v7: gopkg.in/jcmturner/gokrb5.v7/client Index | Files

package client

import "gopkg.in/jcmturner/gokrb5.v7/client"

Package client provides a client library and methods for Kerberos 5 authentication.


Package Files

ASExchange.go TGSExchange.go cache.go client.go network.go passwd.go session.go settings.go


const (
    KRB5_KPASSWD_SUCCESS             = 0
    KRB5_KPASSWD_MALFORMED           = 1
    KRB5_KPASSWD_HARDERROR           = 2
    KRB5_KPASSWD_AUTHERROR           = 3
    KRB5_KPASSWD_SOFTERROR           = 4
    KRB5_KPASSWD_BAD_VERSION         = 6

Kpasswd server response codes.

func AssumePreAuthentication Uses

func AssumePreAuthentication(b bool) func(*Settings)

AssumePreAuthentication used to configure the client to assume pre-authentication is required.

s := NewSettings(AssumePreAuthentication(true))

func DisablePAFXFAST Uses

func DisablePAFXFAST(b bool) func(*Settings)

DisablePAFXFAST used to configure the client to not use PA_FX_FAST.

s := NewSettings(DisablePAFXFAST(true))

func Logger Uses

func Logger(l *log.Logger) func(*Settings)

Logger used to configure client with a logger.

s := NewSettings(kt, Logger(l))

type Cache Uses

type Cache struct {
    Entries map[string]CacheEntry
    // contains filtered or unexported fields

Cache for service tickets held by the client.

func NewCache Uses

func NewCache() *Cache

NewCache creates a new client ticket cache instance.

func (*Cache) RemoveEntry Uses

func (c *Cache) RemoveEntry(spn string)

RemoveEntry removes the cache entry for the defined SPN.

type CacheEntry Uses

type CacheEntry struct {
    Ticket     messages.Ticket
    AuthTime   time.Time
    StartTime  time.Time
    EndTime    time.Time
    RenewTill  time.Time
    SessionKey types.EncryptionKey

CacheEntry holds details for a cache entry.

type Client Uses

type Client struct {
    Credentials *credentials.Credentials
    Config      *config.Config
    // contains filtered or unexported fields

Client side configuration and state.

func NewClientFromCCache Uses

func NewClientFromCCache(c *credentials.CCache, krb5conf *config.Config, settings ...func(*Settings)) (*Client, error)

NewClientFromCCache create a client from a populated client cache.

WARNING: A client created from CCache does not automatically renew TGTs and a failure will occur after the TGT expires.

func NewClientWithKeytab Uses

func NewClientWithKeytab(username, realm string, kt *keytab.Keytab, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithKeytab creates a new client from a keytab credential.

func NewClientWithPassword Uses

func NewClientWithPassword(username, realm, password string, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithPassword creates a new client from a password credential. Set the realm to empty string to use the default realm from config.

func (*Client) ASExchange Uses

func (cl *Client) ASExchange(realm string, ASReq messages.ASReq, referral int) (messages.ASRep, error)

ASExchange performs an AS exchange for the client to retrieve a TGT.

func (*Client) ChangePasswd Uses

func (cl *Client) ChangePasswd(newPasswd string) (bool, error)

ChangePasswd changes the password of the client to the value provided.

func (*Client) Destroy Uses

func (cl *Client) Destroy()

Destroy stops the auto-renewal of all sessions and removes the sessions and cache entries from the client.

func (*Client) GetCachedTicket Uses

func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool)

GetCachedTicket returns a ticket from the cache for the SPN. Only a ticket that is currently valid will be returned.

func (*Client) GetServiceTicket Uses

func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.EncryptionKey, error)

GetServiceTicket makes a request to get a service ticket for the SPN specified SPN format: <SERVICE>/<FQDN> Eg. HTTP/www.example.com The ticket will be added to the client's ticket cache

func (*Client) IsConfigured Uses

func (cl *Client) IsConfigured() (bool, error)

IsConfigured indicates if the client has the values required set.

func (*Client) Key Uses

func (cl *Client) Key(etype etype.EType, krberr *messages.KRBError) (types.EncryptionKey, error)

Key returns the client's encryption key for the specified encryption type. The key can be retrieved either from the keytab or generated from the client's password. If the client has both a keytab and a password defined the keytab is favoured as the source for the key A KRBError can be passed in the event the KDC returns one of type KDC_ERR_PREAUTH_REQUIRED and is required to derive the key for pre-authentication from the client's password. If a KRBError is not available, pass nil to this argument.

func (*Client) Log Uses

func (cl *Client) Log(format string, v ...interface{})

Log will write to the service's logger if it is configured.

func (*Client) Login Uses

func (cl *Client) Login() error

Login the client with the KDC via an AS exchange.

func (*Client) TGSExchange Uses

func (cl *Client) TGSExchange(tgsReq messages.TGSReq, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, referral int) (messages.TGSReq, messages.TGSRep, error)

TGSExchange exchanges the provided TGS_REQ with the KDC to retrieve a TGS_REP. Referrals are automatically handled. The client's cache is updated with the ticket received.

func (*Client) TGSREQGenerateAndExchange Uses

func (cl *Client) TGSREQGenerateAndExchange(spn types.PrincipalName, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)

TGSREQGenerateAndExchange generates the TGS_REQ and performs a TGS exchange to retrieve a ticket to the specified SPN.

type Settings Uses

type Settings struct {
    // contains filtered or unexported fields

Settings holds optional client settings.

func NewSettings Uses

func NewSettings(settings ...func(*Settings)) *Settings

NewSettings creates a new client settings struct.

func (*Settings) AssumePreAuthentication Uses

func (s *Settings) AssumePreAuthentication() bool

AssumePreAuthentication indicates if the client should proactively assume using pre-authentication.

func (*Settings) DisablePAFXFAST Uses

func (s *Settings) DisablePAFXFAST() bool

DisablePAFXFAST indicates is the client should disable the use of PA_FX_FAST.

func (*Settings) Logger Uses

func (s *Settings) Logger() *log.Logger

Logger returns the client logger instance.

Package client imports 24 packages (graph) and is imported by 14 packages. Updated 2019-06-24. Refresh now. Tools for package owners.