service

package
v1.5.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package service provides server side integrations for Kerberos authentication.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientAddress added in v1.5.5

func ClientAddress(h types.HostAddress) func(*Settings)

ClientAddress used to configure service side with the clients host address to be used during validation.

s := NewSettings(kt, ClientAddress(h))

func DecodePAC added in v1.5.5

func DecodePAC(b bool) func(*Settings)

DecodePAC used to configure service side to enable/disable PAC decoding if the PAC is present. Defaults to enabled if not specified.

s := NewSettings(kt, DecodePAC(false))

func KeytabPrincipal added in v1.5.5

func KeytabPrincipal(p string) func(*Settings)

KeytabPrincipal used to override the principal name used to find the key in the keytab.

s := NewSettings(kt, KeytabPrincipal("someaccount"))

func Logger added in v1.5.5

func Logger(l *log.Logger) func(*Settings)

Logger used to configure service side with a logger.

s := NewSettings(kt, Logger(l))

func MaxClockSkew added in v1.5.5

func MaxClockSkew(d time.Duration) func(*Settings)

MaxClockSkew used to configure service side with the maximum acceptable clock skew between the service and the issue time of kerberos tickets

s := NewSettings(kt, MaxClockSkew(d))

func RequireHostAddr added in v1.5.5

func RequireHostAddr(b bool) func(*Settings)

RequireHostAddr used to configure service side to required host addresses to be specified in Kerberos tickets.

s := NewSettings(kt, RequireHostAddr(true))

func SName added in v1.5.5

func SName(sname string) func(*Settings)

SName used provide a specific service name to the service settings.

s := NewSettings(kt, SName("HTTP/some.service.com"))

func VerifyAPREQ added in v1.5.5

func VerifyAPREQ(APReq messages.APReq, s *Settings) (bool, *credentials.Credentials, error)

VerifyAPREQ verifies an AP_REQ sent to the service. Returns a boolean for if the AP_REQ is valid and the client's principal name and realm.

Types

type Cache

type Cache struct {
	// contains filtered or unexported fields
}

Cache for tickets received from clients keyed by fully qualified client name. Used to track replay of tickets.

func GetReplayCache

func GetReplayCache(d time.Duration) *Cache

GetReplayCache returns a pointer to the Cache singleton.

func (*Cache) AddEntry

func (c *Cache) AddEntry(sname types.PrincipalName, a types.Authenticator)

AddEntry adds an entry to the Cache.

func (*Cache) ClearOldEntries

func (c *Cache) ClearOldEntries(d time.Duration)

ClearOldEntries clears entries from the Cache that are older than the duration provided.

func (*Cache) IsReplay

func (c *Cache) IsReplay(sname types.PrincipalName, a types.Authenticator) bool

IsReplay tests if the Authenticator provided is a replay within the duration defined. If this is not a replay add the entry to the cache for tracking.

type KRB5BasicAuthenticator

type KRB5BasicAuthenticator struct {
	BasicHeaderValue string
	// contains filtered or unexported fields
}

KRB5BasicAuthenticator implements gopkg.in/jcmturner/goidentity.v3.Authenticator interface. It takes username and password so can be used for basic authentication.

func NewKRB5BasicAuthenticator added in v1.5.5

func NewKRB5BasicAuthenticator(headerVal string, krb5conf *config.Config, serviceSettings *Settings, clientSettings *client.Settings) KRB5BasicAuthenticator

NewKRB5BasicAuthenticator creates a new NewKRB5BasicAuthenticator

func (KRB5BasicAuthenticator) Authenticate

func (a KRB5BasicAuthenticator) Authenticate() (i goidentity.Identity, ok bool, err error)

Authenticate and return the identity. The boolean indicates if the authentication was successful.

func (KRB5BasicAuthenticator) Mechanism

func (a KRB5BasicAuthenticator) Mechanism() string

Mechanism returns the authentication mechanism.

type Settings added in v1.5.5

type Settings struct {
	Keytab *keytab.Keytab
	// contains filtered or unexported fields
}

Settings defines service side configuration settings.

func NewSettings added in v1.5.5

func NewSettings(kt *keytab.Keytab, settings ...func(*Settings)) *Settings

NewSettings creates a new service Settings.

func (*Settings) ClientAddress added in v1.5.5

func (s *Settings) ClientAddress() types.HostAddress

ClientAddress returns the client host address which has been provided to the service.

func (*Settings) DecodePAC added in v1.5.5

func (s *Settings) DecodePAC() bool

DecodePAC indicates whether the service should decode any PAC information present in the ticket.

func (*Settings) KeytabPrincipal added in v1.5.5

func (s *Settings) KeytabPrincipal() *types.PrincipalName

KeytabPrincipal returns the principal name used to find the key in the keytab if it has been overridden.

func (*Settings) Logger added in v1.5.5

func (s *Settings) Logger() *log.Logger

Logger returns the logger instances configured for the service. If none is configured nill will be returned.

func (*Settings) MaxClockSkew added in v1.5.5

func (s *Settings) MaxClockSkew() time.Duration

MaxClockSkew returns the maximum acceptable clock skew between the service and the issue time of kerberos tickets. If none is defined a duration of 5 minutes is returned.

func (*Settings) RequireHostAddr added in v1.5.5

func (s *Settings) RequireHostAddr() bool

RequireHostAddr indicates if the service should require the host address to be included in the ticket.

func (*Settings) SName added in v1.5.5

func (s *Settings) SName() string

SName returns the specific service name to the service.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL