gokrb5.v7: gopkg.in/jcmturner/gokrb5.v7/config Index | Files

package config

import "gopkg.in/jcmturner/gokrb5.v7/config"

Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html

Index

Package Files

error.go hosts.go krb5conf.go

Constants

const WeakETypeList = "" /* 131 byte string literal not displayed */

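WeakETypeList is a list of encryption types that have been deemed weak. The string literal itself is elided in this rendering, so consult the package source for the exact members before relying on it to decide which encryption types are treated as weak.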

type Config Uses

// Config is the top-level KRB5 configuration, with one field per
// configuration section.
type Config struct {
    // LibDefaults holds the [libdefaults] section.
    LibDefaults LibDefaults
    // Realms holds the entries of the [realms] section.
    Realms      []Realm
    // DomainRealm holds the [domain_realm] domain-to-realm mapping.
    DomainRealm DomainRealm
}

Config represents the KRB5 configuration.

func Load Uses

func Load(cfgPath string) (*Config, error)

Load the KRB5 configuration from the specified file path.

func NewConfig Uses

func NewConfig() *Config

NewConfig creates a new config struct instance.

func NewConfigFromReader Uses

func NewConfigFromReader(r io.Reader) (*Config, error)

NewConfigFromReader creates a new Config struct from an io.Reader.

func NewConfigFromScanner Uses

func NewConfigFromScanner(scanner *bufio.Scanner) (*Config, error)

NewConfigFromScanner creates a new Config struct from a bufio.Scanner.

func NewConfigFromString Uses

func NewConfigFromString(s string) (*Config, error)

NewConfigFromString creates a new Config struct from a string.

func (*Config) GetKDCs Uses

func (c *Config) GetKDCs(realm string, tcp bool) (int, map[int]string, error)

GetKDCs returns the count of KDCs available and a map of KDC host names keyed on preference order.

func (*Config) GetKpasswdServers Uses

func (c *Config) GetKpasswdServers(realm string, tcp bool) (int, map[int]string, error)

GetKpasswdServers returns the count of kpasswd servers available and a map of kpasswd host names keyed on preference order. https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#realms - see kpasswd_server section

func (*Config) ResolveRealm Uses

func (c *Config) ResolveRealm(domainName string) string

ResolveRealm resolves the kerberos realm for the specified domain name from the domain to realm mapping. The most specific mapping is returned.

type DomainRealm Uses

// DomainRealm represents the [domain_realm] section: a map from domain to
// realm. ResolveRealm consults this mapping and returns the most specific
// match.
type DomainRealm map[string]string

DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.

type Invalid Uses

// Invalid is the error type for an invalid configuration. It satisfies the
// error interface through its Error method and is created with InvalidErrorf.
type Invalid struct {
    // contains filtered or unexported fields
}

Invalid config error.

func InvalidErrorf Uses

func InvalidErrorf(format string, a ...interface{}) Invalid

InvalidErrorf creates a new Invalid error.

func (Invalid) Error Uses

func (e Invalid) Error() string

Error implements the error interface for invalid config error.

type LibDefaults Uses

// LibDefaults holds the settings of the [libdefaults] section of krb5.conf.
// The "default" notes on the fields record the value documented for each
// directive; this listing does not show where or whether they are applied.
type LibDefaults struct {
    // Security: keep false unless a legacy peer forces otherwise.
    // NOTE(review): presumably gates the encryption types named in
    // WeakETypeList; the enforcement is not visible in this listing - confirm.
    AllowWeakCrypto bool //default false
    // ap_req_checksum_type int //unlikely to support this
    Canonicalize bool          //default false
    CCacheType   int           //default is 4. unlikely to implement older
    // Security: the skew is the tolerance applied to timestamps, so widening
    // it also widens the window in which a captured authenticator stays fresh.
    Clockskew    time.Duration //max allowed skew in seconds, default 300
    //Default_ccache_name string // default /tmp/krb5cc_%{uid} //Not implementing as will hold in memory
    // Keytabs hold long-term keys; the files these names point at should be
    // readable only by the account that uses them.
    DefaultClientKeytabName string //default /usr/local/var/krb5/user/%{euid}/client.keytab
    DefaultKeytabName       string //default /etc/krb5.keytab
    DefaultRealm            string
    // Encryption type preference lists, as names ([]string) and, presumably,
    // as the matching numeric etype IDs ([]int32) - confirm against the parser.
    // Security: the documented default still lists des3-cbc-sha1,
    // arcfour-hmac-md5 and the single-DES types, which RFC 6649 and RFC 8429
    // deprecate for Kerberos. NOTE(review): whether those entries are dropped
    // when AllowWeakCrypto is false is not shown here; an explicit AES-only
    // list in krb5.conf avoids depending on that.
    DefaultTGSEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
    DefaultTktEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
    DefaultTGSEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
    DefaultTktEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
    // Security: the DNS-related switches below make realm, KDC or service
    // name selection depend on DNS answers, which are unauthenticated unless
    // the resolver path is protected. No default is documented here for
    // DNSLookupRealm.
    DNSCanonicalizeHostname bool     //default true
    DNSLookupKDC            bool     //default false
    DNSLookupRealm          bool
    ExtraAddresses          []net.IP       //Not implementing yet
    Forwardable             bool           //default false
    IgnoreAcceptorHostname  bool           //default false
    K5LoginAuthoritative    bool           //default false
    K5LoginDirectory        string         //default user's home directory. Must be owned by the user or root
    KDCDefaultOptions       asn1.BitString //default 0x00000010 (KDC_OPT_RENEWABLE_OK)
    KDCTimeSync             int            //default 1
    //kdc_req_checksum_type int //unlikely to implement as for very old KDCs
    NoAddresses         bool     //default true
    // Same weak-enctype caveat as the Default*Enctypes lists applies to the
    // documented default here. No default is documented for the ID form.
    PermittedEnctypes   []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
    PermittedEnctypeIDs []int32
    //plugin_base_dir string //not supporting plugins
    PreferredPreauthTypes []int         //default "17, 16, 15, 14", which forces libkrb5 to attempt to use PKINIT if it is supported
    Proxiable             bool          //default false
    // Reverse DNS lookup for hostname canonicalization; see the DNS caveat
    // on DNSCanonicalizeHostname above.
    RDNS                  bool          //default true
    RealmTryDomains       int           //default -1
    RenewLifetime         time.Duration //default 0
    SafeChecksumType      int           //default 8
    TicketLifetime        time.Duration //default 1 day
    UDPPreferenceLimit    int           // 1 means to always use tcp. MIT krb5 has a default value of 1465, and it prevents user setting more than 32700.
    // Security: in MIT krb5 this directive makes verification of initial
    // credentials fail when the host has no keytab to verify against; with
    // the documented default of false that check can be skipped.
    // NOTE(review): whether this package acts on the field is not shown here.
    VerifyAPReqNofail     bool          //default false
}

LibDefaults represents the [libdefaults] section of the configuration.

type Realm Uses

// Realm holds one entry of the [realms] section of krb5.conf.
type Realm struct {
    // Presumably the realm name this entry applies to - confirm against the parser.
    Realm       string
    AdminServer []string
    //auth_to_local //Not implementing for now
    //auth_to_local_names //Not implementing for now
    DefaultDomain string
    // KDC host entries for the realm; presumably the source for
    // Config.GetKDCs when DNS lookup is not used - confirm.
    KDC           []string
    KPasswdServer []string //default admin_server:464
    MasterKDC     []string
}

Realm represents an entry in the [realms] section of the configuration.

type UnsupportedDirective Uses

// UnsupportedDirective is the error type for unsupported directives. It
// satisfies the error interface through its Error method.
type UnsupportedDirective struct {
    // contains filtered or unexported fields
}

UnsupportedDirective error.

func (UnsupportedDirective) Error Uses

func (e UnsupportedDirective) Error() string

Error implements the error interface for unsupported directives.
