Documentation
Overview
A client for Kerberos 5 authentication.
Index
- func SetSPNEGOHeader(creds credentials.Credentials, tkt messages.Ticket, ...) error
- type Cache
- type CacheEntry
- type Client
- func (cl *Client) ASExchange() error
- func (cl *Client) EnableAutoSessionRenewal()
- func (cl *Client) GetCachedTicket(spn string) (messages.Ticket, types.EncryptionKey, bool)
- func (cl *Client) GetServiceTicket(spn string) (messages.Ticket, types.EncryptionKey, error)
- func (cl *Client) IsConfigured() bool
- func (cl *Client) LoadConfig(cfgPath string) (*Client, error)
- func (cl *Client) Login() error
- func (cl *Client) RenewTGT() error
- func (cl *Client) RenewTicket(e CacheEntry) (CacheEntry, error)
- func (cl *Client) SendToKDC(b []byte) ([]byte, error)
- func (cl *Client) SetSPNEGOHeader(r *http.Request, spn string) error
- func (cl *Client) TGSExchange(spn types.PrincipalName, tkt messages.Ticket, sessionKey types.EncryptionKey, ...) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)
- func (cl *Client) WithConfig(cfg *config.Config) *Client
- type Config
- type Session
Constants
This section is empty.
Variables
This section is empty.
Functions
func SetSPNEGOHeader
func SetSPNEGOHeader(creds credentials.Credentials, tkt messages.Ticket, sessionKey types.EncryptionKey, r *http.Request) error
Types
type Cache
type Cache struct {
Entries map[string]CacheEntry
}
Client ticket cache.
func (*Cache) AddEntry
func (c *Cache) AddEntry(tkt messages.Ticket, authTime, startTime, endTime, renewTill time.Time, sessionKey types.EncryptionKey) CacheEntry
Add a ticket to the cache.
func (*Cache) GetEntry
func (c *Cache) GetEntry(spn string) (CacheEntry, bool)
Get a cache entry that matches the SPN.
func (*Cache) RemoveEntry
Remove the cache entry for the defined SPN.
type CacheEntry
type CacheEntry struct {
	Ticket     messages.Ticket
	AuthTime   time.Time
	StartTime  time.Time
	EndTime    time.Time
	RenewTill  time.Time
	SessionKey types.EncryptionKey
}
Ticket cache entry.
type Client
type Client struct {
	Credentials *credentials.Credentials
	Config      *config.Config
	GoKrb5Conf  *Config
	Session     *Session
	Cache       *Cache
}
Client struct.
func NewClientWithKeytab
Create a new client with a keytab credential.
func NewClientWithPassword
Create a new client with a password credential.
func (*Client) ASExchange
Perform an AS exchange for the client to retrieve a TGT.
func (*Client) EnableAutoSessionRenewal
func (cl *Client) EnableAutoSessionRenewal()
Enable the automatic renewal for the client's TGT session.
func (*Client) GetCachedTicket
Get a ticket from the cache for the SPN. Only a ticket that is currently valid will be returned.
func (*Client) GetServiceTicket
Make a request to get a service ticket for the SPN specified. SPN format: <SERVICE>/<FQDN>, e.g. HTTP/www.example.com. The ticket will be added to the client's ticket cache.
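The validity rule described for GetCachedTicket and the SPN format described for GetServiceTicket, as an added example that is not the package's own code. The names entry, spnForHost, lookupValid and renewable are hypothetical stand-ins, and treating "currently valid" as StartTime <= now <= EndTime (renewable while now is before RenewTill) is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// entry is a hypothetical stand-in holding only the time fields of CacheEntry.
type entry struct {
	StartTime, EndTime, RenewTill time.Time
}

// spnForHost builds an SPN in the <SERVICE>/<FQDN> form, dropping any port.
func spnForHost(service, hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	return service + "/" + host
}

// lookupValid returns the entry for spn only if now lies inside its
// validity window (assumed meaning of "currently valid").
func lookupValid(cache map[string]entry, spn string, now time.Time) (entry, bool) {
	e, ok := cache[spn]
	if !ok || now.Before(e.StartTime) || now.After(e.EndTime) {
		return entry{}, false
	}
	return e, true
}

// renewable reports whether the entry could still be renewed at now.
func renewable(e entry, now time.Time) bool {
	return now.Before(e.RenewTill)
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample clock
	spn := spnForHost("HTTP", "www.example.com:443")
	cache := map[string]entry{ // constructed sample cache
		spn: {StartTime: now.Add(-time.Hour), EndTime: now.Add(time.Hour), RenewTill: now.Add(24 * time.Hour)},
	}
	for _, t := range []time.Time{now, now.Add(2 * time.Hour), now.Add(48 * time.Hour)} {
		_, ok := lookupValid(cache, spn, t)
		fmt.Println(spn, t.Format(time.RFC3339), "valid:", ok, "renewable:", renewable(cache[spn], t))
	}
}
```

An expired entry that is still inside its renewal window is the case where a renewal applies; past RenewTill a fresh service ticket is needed.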
func (*Client) IsConfigured
Reports whether the client has sufficient values configured.
func (*Client) LoadConfig
Load the Kerberos configuration for the client from the file path specified.
func (*Client) RenewTicket
func (cl *Client) RenewTicket(e CacheEntry) (CacheEntry, error)
Renew a cache entry ticket.
func (*Client) SetSPNEGOHeader
Get a service ticket and set it as the SPNEGO authorization header on the HTTP request object. To auto-generate the SPN from the request object, pass an empty string "".
func (*Client) TGSExchange
func (cl *Client) TGSExchange(spn types.PrincipalName, tkt messages.Ticket, sessionKey types.EncryptionKey, renewal bool) (tgsReq messages.TGSReq, tgsRep messages.TGSRep, err error)
Perform a TGS exchange to retrieve a ticket to the specified SPN. The ticket retrieved is added to the client's cache.