Documentation ¶
Overview ¶
Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html
Constants ¶
const WeakETypeList = "" /* 129-byte string literal not displayed */
WeakETypeList is a list of encryption types that have been deemed weak.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config represents the KRB5 configuration. Its three fields correspond to the
// [libdefaults], [realms] and [domain_realm] sections of the configuration.
type Config struct {
	// LibDefaults holds the settings of the [libdefaults] section.
	LibDefaults LibDefaults

	// Realms holds one Realm per entry in the [realms] section.
	Realms []Realm

	// DomainRealm maps domains to realms, from the [domain_realm] section.
	DomainRealm DomainRealm
}
Config represents the KRB5 configuration.
func NewFromReader ¶
NewFromReader creates a new Config struct from an io.Reader.
func NewFromScanner ¶
NewFromScanner creates a new Config struct from a bufio.Scanner.
func NewFromString ¶
NewFromString creates a new Config struct from a string.
func (*Config) GetKDCs ¶
GetKDCs returns the count of KDCs available and a map of KDC host names keyed on preference order.
func (*Config) GetKpasswdServers ¶
GetKpasswdServers returns the count of kpasswd servers available and a map of kpasswd host names keyed on preference order. See the kpasswd_server entry in the realms section: https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#realms
func (*Config) ResolveRealm ¶
ResolveRealm resolves the kerberos realm for the specified domain name from the domain to realm mapping. The most specific mapping is returned.
type DomainRealm ¶
DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.
type Invalid ¶
// Invalid is the error type for an invalid configuration. Values are created
// with InvalidErrorf.
type Invalid struct {
	// contains filtered or unexported fields
}
Invalid config error.
func InvalidErrorf ¶
InvalidErrorf creates a new Invalid error.
type LibDefaults ¶
// LibDefaults represents the [libdefaults] section of the configuration.
//
// The "Default:" notes on the fields are the defaults recorded by the original
// field comments; this declaration does not itself assign them.
//
// "Default enctype list" below stands for the list repeated in the original
// comments:
//
//	aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
//	arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac
//	des-cbc-crc des-cbc-md5 des-cbc-md4
//
// NOTE(review): that list contains single-DES, 3DES and RC4 enctypes, which
// RFC 6649 and RFC 8429 deprecate for Kerberos. Whether they are filtered out
// when AllowWeakCrypto is false is not visible in this declaration; see
// WeakETypeList and SetDefaultEnctypeIDs, and confirm against the parser.
type LibDefaults struct {
	// Default: false.
	// NOTE(review): SetDefaultEnctypeIDs must be called after this flag is
	// changed so the default enctype IDs are updated. Leave it false unless a
	// legacy peer needs the weak enctypes.
	AllowWeakCrypto bool

	// ap_req_checksum_type int // unlikely to support this

	// Default: false.
	Canonicalize bool

	// Default: 4. Older credential cache types are unlikely to be implemented.
	CCacheType int

	// Maximum allowed clock skew. Default: 300 seconds.
	// NOTE(review): the field is a time.Duration; "seconds" presumably
	// describes the krb5.conf value rather than this field's unit - confirm.
	Clockskew time.Duration

	// Default_ccache_name string // default /tmp/krb5cc_%{uid}; not implemented because the cache will be held in memory

	// Default: /usr/local/var/krb5/user/%{euid}/client.keytab
	DefaultClientKeytabName string

	// Default: /etc/krb5.keytab
	DefaultKeytabName string

	// No default is recorded for this field.
	DefaultRealm string

	// Default: the default enctype list (see the type comment).
	DefaultTGSEnctypes []string

	// Default: the default enctype list (see the type comment).
	DefaultTktEnctypes []string

	// Default: the default enctype list (see the type comment).
	// Presumably the numeric IDs matching DefaultTGSEnctypes - confirm.
	DefaultTGSEnctypeIDs []int32

	// Default: the default enctype list (see the type comment).
	// Presumably the numeric IDs matching DefaultTktEnctypes - confirm.
	DefaultTktEnctypeIDs []int32

	// Default: true.
	DNSCanonicalizeHostname bool

	// Default: false.
	// NOTE(review): DNS-based KDC discovery relies on DNS answers being
	// trustworthy; confirm how this package uses the flag before enabling it.
	DNSLookupKDC bool

	// No default is recorded for this field.
	// NOTE(review): the same DNS trust consideration as DNSLookupKDC applies
	// to realm discovery.
	DNSLookupRealm bool

	// Not implemented yet.
	ExtraAddresses []net.IP

	// Default: false.
	Forwardable bool

	// Default: false.
	IgnoreAcceptorHostname bool

	// Default: false.
	K5LoginAuthoritative bool

	// Default: the user's home directory. Must be owned by the user or root.
	K5LoginDirectory string

	// Default: 0x00000010 (KDC_OPT_RENEWABLE_OK).
	KDCDefaultOptions asn1.BitString

	// Default: 1.
	KDCTimeSync int

	// kdc_req_checksum_type int // unlikely to be implemented; it is for very old KDCs

	// Default: true.
	NoAddresses bool

	// Default: the default enctype list (see the type comment).
	PermittedEnctypes []string

	// No default is recorded for this field.
	// Presumably the numeric IDs matching PermittedEnctypes - confirm.
	PermittedEnctypeIDs []int32

	// plugin_base_dir string // plugins are not supported

	// Default: "17, 16, 15, 14", which forces libkrb5 to attempt to use PKINIT
	// if it is supported.
	PreferredPreauthTypes []int

	// Default: false.
	Proxiable bool

	// Default: true.
	RDNS bool

	// Default: -1.
	RealmTryDomains int

	// Default: 0.
	RenewLifetime time.Duration

	// Default: 8.
	SafeChecksumType int

	// Default: 1 day.
	TicketLifetime time.Duration

	// 1 means always use TCP. MIT krb5 has a default value of 1465 and
	// prevents the user from setting more than 32700.
	UDPPreferenceLimit int

	// Default: false.
	// NOTE(review): in MIT krb5 this setting decides whether verification of
	// initial credentials fails when no keytab is available; whether this
	// package honours it is not visible here - confirm.
	VerifyAPReqNofail bool
}
LibDefaults represents the [libdefaults] section of the configuration.
func (*LibDefaults) SetDefaultEnctypeIDs ¶ added in v8.5.1
func (l *LibDefaults) SetDefaultEnctypeIDs()
SetDefaultEnctypeIDs updates the default enctype IDs. Call it after AllowWeakCrypto has been changed so that the IDs reflect the new setting.
type Realm ¶
// Realm represents an entry in the [realms] section of the configuration.
type Realm struct {
	// Presumably the realm's name - confirm against the parser.
	Realm string

	// Presumably the admin_server values of the entry - confirm.
	AdminServer []string

	// auth_to_local // not implemented for now
	// auth_to_local_names // not implemented for now

	// Presumably the default_domain value of the entry - confirm.
	DefaultDomain string

	// KDCs of the realm. Config.GetKDCs returns KDC host names keyed on
	// preference order; presumably it reads them from here - confirm.
	KDC []string

	// Default: admin_server:464.
	KPasswdServer []string

	// Presumably the master_kdc values of the entry - confirm.
	MasterKDC []string
}
Realm represents an entry in the [realms] section of the configuration.
type UnsupportedDirective ¶
// UnsupportedDirective is the error type for unsupported directives. Its Error
// method implements the error interface.
type UnsupportedDirective struct {
	// contains filtered or unexported fields
}
UnsupportedDirective error.
func (UnsupportedDirective) Error ¶
func (e UnsupportedDirective) Error() string
Error implements the error interface for unsupported directives.