spnego

package

v0.0.0-...-d86554d Latest Latest Go to latest Published: Mar 24, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

This is intended to give an interface for Kerberized servers to negotiate with clients using SPNEGO. A reference implementation is provided below.

Index ¶

func AddSPNEGONegotiate(h http.Header, name string, token *gssapi.Buffer)
func CheckSPNEGONegotiate(lib *gssapi.Lib, h http.Header, name string) (bool, *gssapi.Buffer)
type KerberizedServer
- func (k KerberizedServer) AcquireCred(serviceName string) (*gssapi.CredId, error)
- func (k KerberizedServer) Negotiate(cred *gssapi.CredId, inHeader, outHeader http.Header) (string, int, error)
type ServerNegotiator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddSPNEGONegotiate ¶

func AddSPNEGONegotiate(h http.Header, name string, token *gssapi.Buffer)

AddSPNEGONegotiate adds a Negotiate header with the value of a serialized token to an http header.

func CheckSPNEGONegotiate ¶

func CheckSPNEGONegotiate(lib *gssapi.Lib, h http.Header, name string) (bool, *gssapi.Buffer)

CheckSPNEGONegotiate checks for the presence of a Negotiate header. If present, we return a gssapi Token created from the header value sent to us.

Types ¶

type KerberizedServer ¶

type KerberizedServer struct {
	*gssapi.Lib
	UseProxyAuthentication bool
}

A KerberizedServer allows a server to negotiate authentication over SPNEGO with a client.

func (KerberizedServer) AcquireCred ¶

func (k KerberizedServer) AcquireCred(serviceName string) (*gssapi.CredId, error)

AcquireCred acquires a Kerberos credential (keytab) from environment. The CredId MUST be released by the caller.

func (KerberizedServer) Negotiate ¶

func (k KerberizedServer) Negotiate(cred *gssapi.CredId, inHeader, outHeader http.Header) (string, int, error)

Negotiate handles the SPNEGO client-server negotiation. Negotiate will likely be invoked multiple times; a 200 or 400 response code are terminating conditions, whereas a 401 or 407 means that the client should respond to the challenge that we send.

type ServerNegotiator ¶

type ServerNegotiator interface {
	// AcquireCred acquires a credential from the server's environment.
	AcquireCred(string) (*gssapi.CredId, error)

	// Negotiate handles the negotiation with the client.
	Negotiate(*gssapi.CredId, http.Header, http.Header) (string, int, error)
}

A ServerNegotiator is an interface that defines minimal functionality for SPNEGO and credential issuance using GSSAPI from the server side.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL