krb5

v0.0.0-...-b8d5174

This package is not in the latest version of its module.
Published: Aug 16, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

README

go-mssqldb-auth-krb5

A pure Go Kerberos authentication provider package for https://github.com/microsoft/go-mssqldb, built on the gokrb5/v8 package at https://github.com/jcmturner/gokrb5/.

To use the package, import it alongside the main driver:

	_ "github.com/bet365/go-mssqldb-auth-krb5"
	_ "github.com/microsoft/go-mssqldb"

It will register itself and become available for use when the connection string parameter "authenticator=krb5" is used.

e.g.

authenticator=krb5;server=DatabaseServerName;database=DBName;krb5-params.....

The package supports authentication via 3 methods.

  • Keytabs - Specify the username, keytab file, the krb5.conf file, and realm.

    authenticator=krb5;server=DatabaseServerName;database=DBName;user id=MyUserName;krb5-realm=domain.com;krb5-configfile=/etc/krb5.conf;krb5-keytabfile=~/MyUserName.keytab
    
  • Credential Cache - Specify the krb5.conf file path and credential cache file path.

    authenticator=krb5;server=DatabaseServerName;database=DBName;krb5-configfile=/etc/krb5.conf;krb5-keytabcachefile=~/MyUserNameCachedCreds
    
  • Raw credentials - Specify the krb5.conf file, username, password and realm.

    authenticator=krb5;server=DatabaseServerName;database=DBName;user id=MyUserName;password=MyPassword;krb5-realm=comani.com;krb5-configfile=/etc/krb5.conf;
    

The parameter names are as follows:

krb5-configfile
path to krb5 configuration file. e.g. /etc/krb5.conf

krb5-keytabfile
path to keytab file.

krb5-keytabcachefile
path to credential cache file.

krb5-realm
domain name for account.

krb5-dnslookupkdc
Optional parameter in all contexts. Set to look up KDCs in DNS. Boolean. Default is true.

krb5-udppreferencelimit
Optional parameter in all contexts. 1 means always use TCP. MIT krb5 has a default value of 1465 and prevents the user from setting a value above 32700. Integer. Default is 1.

An example usage:

package main

import (
	"context"
	"database/sql"
	"flag"
	"fmt"
	"log"
	
	_ "github.com/bet365/go-mssqldb-auth-krb5"
	_ "github.com/microsoft/go-mssqldb"	
)

func main() {
	var (
		connectionString string
	)

	flag.StringVar(&connectionString, "connString", "", "Connection string")
	flag.Parse()

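	// When the connection is opened, the driver uses the krb5 auth provider
	// registered by the blank import above.
	db, err := sql.Open("sqlserver", connectionString)
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// Ping opens the first connection; pass the context created above.
	if err := db.PingContext(ctx); err != nil {
		log.Fatal(err)
	}

	// Named query rather than sql, so the database/sql package is not shadowed.
	query := "select 1234"

	var value string
	err = db.QueryRowContext(ctx, query).Scan(&value)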
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(value)
}

Documentation

Overview

Package krb5 implements the integratedauth.IntegratedAuthenticator interface in order to provide Kerberos/Active Directory (Windows) based authentication.

Constants

This section is empty.

Variables

var (
	ErrRequiredParametersMissing                     = errors.New("failed to create krb5 client from login parameters")
	ErrRealmRequiredWithUsernameAndPassword          = errors.New("krb5-realm is required to login with krb5 when using user id and password")
	ErrKrb5ConfigFileRequiredWithUsernameAndPassword = errors.New("krb5-configfile is required to login with krb5 when using user id and password")
	ErrUsernameRequiredWithKeytab                    = errors.New("user id is required to login with krb5 when using krb5-keytabfile")
	ErrRealmRequiredWithKeytab                       = errors.New("krb5-realm is required to login with krb5 when using krb5-keytabfile")
	ErrKrb5ConfigFileRequiredWithKeytab              = errors.New("krb5-configfile is required to login with krb5 when using krb5-keytabfile")
	ErrKrb5ConfigFileDoesNotExist                    = errors.New("krb5-configfile does not exist")
	ErrKeytabFileDoesNotExist                        = errors.New("krb5-keytabfile does not exist")
	ErrKrb5ConfigFileRequiredWithKeytabCache         = errors.New("krb5-configfile is required to login with krb5 when using krb5-keytabcachefile")
	ErrKeytabCacheFileDoesNotExist                   = errors.New("krb5-keytabcachefile does not exist")
)
var (
	AuthProviderFunc integratedauth.Provider = integratedauth.ProviderFunc(getAuth)
)

Functions

This section is empty.

Types

This section is empty.
