The highest tagged major version is v8.

client

package

v7.5.0 Latest Latest Go to latest Published: Jan 31, 2020 License: Apache-2.0 Imports: 24 Imported by: 319

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jcmturner/gokrb5

Links

Open Source Insights

Documentation ¶

Overview ¶

Package client provides a client library and methods for Kerberos 5 authentication.

Index ¶

Constants
func AssumePreAuthentication(b bool) func(*Settings)
func DisablePAFXFAST(b bool) func(*Settings)
func Logger(l *log.Logger) func(*Settings)
type Cache
- func NewCache() *Cache
- func (c *Cache) RemoveEntry(spn string)
type CacheEntry
type Client
type Settings
- func NewSettings(settings ...func(*Settings)) *Settings

Constants ¶

View Source

const (
	KRB5_KPASSWD_SUCCESS             = 0
	KRB5_KPASSWD_MALFORMED           = 1
	KRB5_KPASSWD_HARDERROR           = 2
	KRB5_KPASSWD_AUTHERROR           = 3
	KRB5_KPASSWD_SOFTERROR           = 4
	KRB5_KPASSWD_ACCESSDENIED        = 5
	KRB5_KPASSWD_BAD_VERSION         = 6
	KRB5_KPASSWD_INITIAL_FLAG_NEEDED = 7
)

Kpasswd server response codes.

Variables ¶

This section is empty.

Functions ¶

func AssumePreAuthentication ¶

func AssumePreAuthentication(b bool) func(*Settings)

AssumePreAuthentication used to configure the client to assume pre-authentication is required.

s := NewSettings(AssumePreAuthentication(true))

func DisablePAFXFAST ¶

func DisablePAFXFAST(b bool) func(*Settings)

DisablePAFXFAST used to configure the client to not use PA_FX_FAST.

s := NewSettings(DisablePAFXFAST(true))

func Logger ¶

func Logger(l *log.Logger) func(*Settings)

Logger used to configure client with a logger.

s := NewSettings(kt, Logger(l))

Types ¶

type Cache ¶

type Cache struct {
	Entries map[string]CacheEntry
	// contains filtered or unexported fields
}

Cache for service tickets held by the client.

func NewCache ¶

func NewCache() *Cache

NewCache creates a new client ticket cache instance.

func (*Cache) RemoveEntry ¶

func (c *Cache) RemoveEntry(spn string)

RemoveEntry removes the cache entry for the defined SPN.

type CacheEntry ¶

type CacheEntry struct {
	Ticket     messages.Ticket
	AuthTime   time.Time
	StartTime  time.Time
	EndTime    time.Time
	RenewTill  time.Time
	SessionKey types.EncryptionKey
}

CacheEntry holds details for a cache entry.

func NewClientFromCCache ¶

func NewClientFromCCache(c *credentials.CCache, krb5conf *config.Config, settings ...func(*Settings)) (*Client, error)

NewClientFromCCache create a client from a populated client cache.

WARNING: A client created from CCache does not automatically renew TGTs and a failure will occur after the TGT expires.

func NewClientWithKeytab ¶

func NewClientWithKeytab(username, realm string, kt *keytab.Keytab, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithKeytab creates a new client from a keytab credential.

func NewClientWithPassword ¶

func NewClientWithPassword(username, realm, password string, krb5conf *config.Config, settings ...func(*Settings)) *Client

NewClientWithPassword creates a new client from a password credential. Set the realm to empty string to use the default realm from config.

func (*Client) ASExchange ¶

func (cl *Client) ASExchange(realm string, ASReq messages.ASReq, referral int) (messages.ASRep, error)

ASExchange performs an AS exchange for the client to retrieve a TGT.

func (*Client) AffirmLogin ¶ added in v7.5.0

func (cl *Client) AffirmLogin() error

AffirmLogin will only perform an AS exchange with the KDC if the client does not already have a TGT.

func (*Client) ChangePasswd ¶

func (cl *Client) ChangePasswd(newPasswd string) (bool, error)

ChangePasswd changes the password of the client to the value provided.

func (*Client) Destroy ¶

func (cl *Client) Destroy()

Destroy stops the auto-renewal of all sessions and removes the sessions and cache entries from the client.

func (*Client) GetCachedTicket ¶

func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool)

GetCachedTicket returns a ticket from the cache for the SPN. Only a ticket that is currently valid will be returned.

func (*Client) GetServiceTicket ¶

func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.EncryptionKey, error)

GetServiceTicket makes a request to get a service ticket for the SPN specified SPN format: <SERVICE>/<FQDN> Eg. HTTP/www.example.com The ticket will be added to the client's ticket cache

func (*Client) IsConfigured ¶

func (cl *Client) IsConfigured() (bool, error)

IsConfigured indicates if the client has the values required set.

func (*Client) Key ¶

func (cl *Client) Key(etype etype.EType, krberr *messages.KRBError) (types.EncryptionKey, error)

Key returns the client's encryption key for the specified encryption type. The key can be retrieved either from the keytab or generated from the client's password. If the client has both a keytab and a password defined the keytab is favoured as the source for the key A KRBError can be passed in the event the KDC returns one of type KDC_ERR_PREAUTH_REQUIRED and is required to derive the key for pre-authentication from the client's password. If a KRBError is not available, pass nil to this argument.

func (*Client) Log ¶

func (cl *Client) Log(format string, v ...interface{})

Log will write to the service's logger if it is configured.

func (cl *Client) Login() error

Login the client with the KDC via an AS exchange.

func (*Client) TGSExchange ¶

func (cl *Client) TGSExchange(tgsReq messages.TGSReq, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, referral int) (messages.TGSReq, messages.TGSRep, error)

TGSExchange exchanges the provided TGS_REQ with the KDC to retrieve a TGS_REP. Referrals are automatically handled. The client's cache is updated with the ticket received.

func (*Client) TGSREQGenerateAndExchange ¶

func (cl *Client) TGSREQGenerateAndExchange(spn types.PrincipalName, kdcRealm string, tgt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)

TGSREQGenerateAndExchange generates the TGS_REQ and performs a TGS exchange to retrieve a ticket to the specified SPN.

type Settings ¶

type Settings struct {
	// contains filtered or unexported fields
}

Settings holds optional client settings.

func NewSettings ¶

func NewSettings(settings ...func(*Settings)) *Settings

NewSettings creates a new client settings struct.

func (*Settings) AssumePreAuthentication ¶

func (s *Settings) AssumePreAuthentication() bool

AssumePreAuthentication indicates if the client should proactively assume using pre-authentication.

func (*Settings) DisablePAFXFAST ¶

func (s *Settings) DisablePAFXFAST() bool

DisablePAFXFAST indicates is the client should disable the use of PA_FX_FAST.

func (*Settings) Logger ¶

func (s *Settings) Logger() *log.Logger

Logger returns the client logger instance.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL