config

package
v8.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2022 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html

Index

Constants

View Source
const WeakETypeList = "" /* 129-byte string literal not displayed */

WeakETypeList is a list of encryption types that have been deemed weak.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	LibDefaults LibDefaults
	Realms      []Realm
	DomainRealm DomainRealm
}

Config represents the KRB5 configuration.

func Load

func Load(cfgPath string) (*Config, error)

Load the KRB5 configuration from the specified file path.

func New

func New() *Config

New creates a new config struct instance.

func NewFromReader

func NewFromReader(r io.Reader) (*Config, error)

NewFromReader creates a new Config struct from an io.Reader.

func NewFromScanner

func NewFromScanner(scanner *bufio.Scanner) (*Config, error)

NewFromScanner creates a new Config struct from a bufio.Scanner.

func NewFromString

func NewFromString(s string) (*Config, error)

NewFromString creates a new Config struct from a string.

func (*Config) GetKDCs

func (c *Config) GetKDCs(realm string, tcp bool) (int, map[int]string, error)

GetKDCs returns the count of KDCs available and a map of KDC host names keyed on preference order.

func (*Config) GetKpasswdServers

func (c *Config) GetKpasswdServers(realm string, tcp bool) (int, map[int]string, error)

GetKpasswdServers returns the count of kpasswd servers available and a map of kpasswd host names keyed on preference order. https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#realms - see kpasswd_server section

func (*Config) JSON

func (c *Config) JSON() (string, error)

JSON return details of the config in a JSON format.

func (*Config) ResolveRealm

func (c *Config) ResolveRealm(domainName string) string

ResolveRealm resolves the kerberos realm for the specified domain name from the domain to realm mapping. The most specific mapping is returned.

type DomainRealm

type DomainRealm map[string]string

DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.

type Invalid

type Invalid struct {
	// contains filtered or unexported fields
}

Invalid config error.

func InvalidErrorf

func InvalidErrorf(format string, a ...interface{}) Invalid

InvalidErrorf creates a new Invalid error.

func (Invalid) Error

func (e Invalid) Error() string

Error implements the error interface for invalid config error.

type LibDefaults

type LibDefaults struct {
	AllowWeakCrypto bool //default false
	// ap_req_checksum_type int //unlikely to support this
	Canonicalize bool          //default false
	CCacheType   int           //default is 4. unlikely to implement older
	Clockskew    time.Duration //max allowed skew in seconds, default 300
	//Default_ccache_name string // default /tmp/krb5cc_%{uid} //Not implementing as will hold in memory
	DefaultClientKeytabName string //default /usr/local/var/krb5/user/%{euid}/client.keytab
	DefaultKeytabName       string //default /etc/krb5.keytab
	DefaultRealm            string
	DefaultTGSEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	DefaultTktEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	DefaultTGSEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	DefaultTktEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	DNSCanonicalizeHostname bool     //default true
	DNSLookupKDC            bool     //default false
	DNSLookupRealm          bool
	ExtraAddresses          []net.IP       //Not implementing yet
	Forwardable             bool           //default false
	IgnoreAcceptorHostname  bool           //default false
	K5LoginAuthoritative    bool           //default false
	K5LoginDirectory        string         //default user's home directory. Must be owned by the user or root
	KDCDefaultOptions       asn1.BitString //default 0x00000010 (KDC_OPT_RENEWABLE_OK)
	KDCTimeSync             int            //default 1
	//kdc_req_checksum_type int //unlikely to implement as for very old KDCs
	NoAddresses         bool     //default true
	PermittedEnctypes   []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	PermittedEnctypeIDs []int32
	//plugin_base_dir string //not supporting plugins
	PreferredPreauthTypes []int         //default “17, 16, 15, 14”, which forces libkrb5 to attempt to use PKINIT if it is supported
	Proxiable             bool          //default false
	RDNS                  bool          //default true
	RealmTryDomains       int           //default -1
	RenewLifetime         time.Duration //default 0
	SafeChecksumType      int           //default 8
	TicketLifetime        time.Duration //default 1 day
	UDPPreferenceLimit    int           // 1 means to always use tcp. MIT krb5 has a default value of 1465, and it prevents user setting more than 32700.
	VerifyAPReqNofail     bool          //default false
}

LibDefaults represents the [libdefaults] section of the configuration.

func (*LibDefaults) SetDefaultEnctypeIDs added in v8.5.1

func (l *LibDefaults) SetDefaultEnctypeIDs()

SetDefaultEnctypeIDs allows for updating the default enctype ids when AllowWeakCrypto has changed

type Realm

type Realm struct {
	Realm       string
	AdminServer []string
	//auth_to_local //Not implementing for now
	//auth_to_local_names //Not implementing for now
	DefaultDomain string
	KDC           []string
	KPasswdServer []string //default admin_server:464
	MasterKDC     []string
}

Realm represents an entry in the [realms] section of the configuration.

type UnsupportedDirective

type UnsupportedDirective struct {
	// contains filtered or unexported fields
}

UnsupportedDirective error.

func (UnsupportedDirective) Error

func (e UnsupportedDirective) Error() string

Error implements the error interface for unsupported directives.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL