Documentation ¶
Overview ¶
Package credentials provides credentials management for Kerberos 5 authentication.
Index ¶
- Constants
- type ADCredentials
- type CCache
- func (c *CCache) Contains(p types.PrincipalName) bool
- func (c *CCache) GetClientCredentials() *Credentials
- func (c *CCache) GetClientPrincipalName() types.PrincipalName
- func (c *CCache) GetClientRealm() string
- func (c *CCache) GetEntries() []credential
- func (c *CCache) GetEntry(p types.PrincipalName) (credential, bool)
- type Credentials
- func (c *Credentials) AddAuthzAttribute(a string)
- func (c *Credentials) Attributes() map[string]interface{}
- func (c *Credentials) AuthTime() time.Time
- func (c *Credentials) Authenticated() bool
- func (c *Credentials) Authorized(a string) bool
- func (c *Credentials) AuthzAttributes() []string
- func (c *Credentials) DisableAuthzAttribute(a string)
- func (c *Credentials) DisplayName() string
- func (c *Credentials) Domain() string
- func (c *Credentials) EnableAuthzAttribute(a string)
- func (c *Credentials) Expired() bool
- func (c *Credentials) HasKeytab() bool
- func (c *Credentials) HasPassword() bool
- func (c *Credentials) Human() bool
- func (c *Credentials) RemoveAttribute(k string)
- func (c *Credentials) RemoveAuthzAttribute(a string)
- func (c *Credentials) SessionID() string
- func (c *Credentials) SetADCredentials(a ADCredentials)
- func (c *Credentials) SetAttribute(k string, v interface{})
- func (c *Credentials) SetAttributes(a map[string]interface{})
- func (c *Credentials) SetAuthTime(t time.Time)
- func (c *Credentials) SetAuthenticated(b bool)
- func (c *Credentials) SetDisplayName(s string)
- func (c *Credentials) SetDomain(s string)
- func (c *Credentials) SetHuman(b bool)
- func (c *Credentials) SetUserName(s string)
- func (c *Credentials) SetValidUntil(t time.Time)
- func (c *Credentials) UserName() string
- func (c *Credentials) WithKeytab(kt keytab.Keytab) *Credentials
- func (c *Credentials) WithPassword(password string) *Credentials
Constants ¶
const (
// AttributeKeyADCredentials assigned number for AD credentials.
AttributeKeyADCredentials = "gokrb5AttributeKeyADCredentials"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ADCredentials ¶
type ADCredentials struct { EffectiveName string FullName string UserID int PrimaryGroupID int LogOnTime time.Time LogOffTime time.Time PasswordLastSet time.Time GroupMembershipSIDs []string LogonDomainName string LogonDomainID string LogonServer string }
ADCredentials contains information obtained from the PAC.
type CCache ¶
type CCache struct { Version uint8 Header header DefaultPrincipal principal Credentials []credential Path string }
CCache is the file credentials cache as define here: https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html
func LoadCCache ¶
LoadCCache loads a credential cache file into a CCache type.
func ParseCCache ¶
ParseCCache byte slice of credential cache data into CCache type.
func (*CCache) Contains ¶
func (c *CCache) Contains(p types.PrincipalName) bool
Contains tests if the cache contains a credential for the provided server PrincipalName
func (*CCache) GetClientCredentials ¶
func (c *CCache) GetClientCredentials() *Credentials
GetClientCredentials returns a Credentials object representing the client of the credentials cache.
func (*CCache) GetClientPrincipalName ¶
func (c *CCache) GetClientPrincipalName() types.PrincipalName
GetClientPrincipalName returns a PrincipalName type for the client the credentials cache is for.
func (*CCache) GetClientRealm ¶
GetClientRealm returns the reals of the client the credentials cache is for.
func (*CCache) GetEntries ¶
func (c *CCache) GetEntries() []credential
GetEntries filters out configuration entries an returns a slice of credentials.
type Credentials ¶
type Credentials struct { Username string Realm string CName types.PrincipalName Keytab keytab.Keytab Password string ValidUntil time.Time // contains filtered or unexported fields }
Credentials struct for a user. Contains either a keytab, password or both. Keytabs are used over passwords if both are defined.
func NewCredentials ¶
func NewCredentials(username string, realm string) Credentials
NewCredentials creates a new Credentials instance.
func NewCredentialsFromPrincipal ¶
func NewCredentialsFromPrincipal(cname types.PrincipalName, realm string) Credentials
NewCredentialsFromPrincipal creates a new Credentials instance with the user details provides as a PrincipalName type.
func (*Credentials) AddAuthzAttribute ¶
func (c *Credentials) AddAuthzAttribute(a string)
AddAuthzAttribute adds an authorization attribute to the credential.
func (*Credentials) Attributes ¶
func (c *Credentials) Attributes() map[string]interface{}
func (*Credentials) AuthTime ¶
func (c *Credentials) AuthTime() time.Time
AuthTime returns the time the credential was authenticated.
func (*Credentials) Authenticated ¶
func (c *Credentials) Authenticated() bool
Authenticated indicates if the credential has been successfully authenticated or not.
func (*Credentials) Authorized ¶
func (c *Credentials) Authorized(a string) bool
Authorized indicates if the credential has the specified authorizing attribute.
func (*Credentials) AuthzAttributes ¶
func (c *Credentials) AuthzAttributes() []string
AuthzAttributes returns the credentials authorizing attributes.
func (*Credentials) DisableAuthzAttribute ¶
func (c *Credentials) DisableAuthzAttribute(a string)
DisableAuthzAttribute toggles an authorization attribute to a disabled state on the credential.
func (*Credentials) DisplayName ¶
func (c *Credentials) DisplayName() string
DisplayName returns the credential's display name.
func (*Credentials) Domain ¶
func (c *Credentials) Domain() string
Domain returns the credential's domain.
func (*Credentials) EnableAuthzAttribute ¶
func (c *Credentials) EnableAuthzAttribute(a string)
EnableAuthzAttribute toggles an authorization attribute to an enabled state on the credential.
func (*Credentials) Expired ¶
func (c *Credentials) Expired() bool
Expired indicates if the credential has expired.
func (*Credentials) HasKeytab ¶
func (c *Credentials) HasKeytab() bool
HasKeytab queries if the Credentials has a keytab defined.
func (*Credentials) HasPassword ¶
func (c *Credentials) HasPassword() bool
HasPassword queries if the Credentials has a password defined.
func (*Credentials) Human ¶
func (c *Credentials) Human() bool
Human returns if the credential represents a human or not.
func (*Credentials) RemoveAttribute ¶
func (c *Credentials) RemoveAttribute(k string)
func (*Credentials) RemoveAuthzAttribute ¶
func (c *Credentials) RemoveAuthzAttribute(a string)
RemoveAuthzAttribute removes an authorization attribute from the credential.
func (*Credentials) SessionID ¶
func (c *Credentials) SessionID() string
SessionID returns the credential's session ID.
func (*Credentials) SetADCredentials ¶
func (c *Credentials) SetADCredentials(a ADCredentials)
SetADCredentials adds ADCredentials attributes to the credentials
func (*Credentials) SetAttribute ¶
func (c *Credentials) SetAttribute(k string, v interface{})
func (*Credentials) SetAttributes ¶
func (c *Credentials) SetAttributes(a map[string]interface{})
func (*Credentials) SetAuthTime ¶
func (c *Credentials) SetAuthTime(t time.Time)
SetAuthTime sets the time the credential was authenticated.
func (*Credentials) SetAuthenticated ¶
func (c *Credentials) SetAuthenticated(b bool)
SetAuthenticated sets the credential as having been successfully authenticated.
func (*Credentials) SetDisplayName ¶
func (c *Credentials) SetDisplayName(s string)
SetDisplayName sets the display name value on the credential.
func (*Credentials) SetDomain ¶
func (c *Credentials) SetDomain(s string)
SetDomain sets the domain value on the credential.
func (*Credentials) SetHuman ¶
func (c *Credentials) SetHuman(b bool)
SetHuman sets the credential as human.
func (*Credentials) SetUserName ¶
func (c *Credentials) SetUserName(s string)
SetUserName sets the username value on the credential.
func (*Credentials) SetValidUntil ¶
func (c *Credentials) SetValidUntil(t time.Time)
SetValidUntil sets the expiry time of the credentials
func (*Credentials) UserName ¶
func (c *Credentials) UserName() string
UserName returns the credential's username.
func (*Credentials) WithKeytab ¶
func (c *Credentials) WithKeytab(kt keytab.Keytab) *Credentials
WithKeytab sets the Keytab in the Credentials struct.
func (*Credentials) WithPassword ¶
func (c *Credentials) WithPassword(password string) *Credentials
WithPassword sets the password in the Credentials struct.