config

package
v0.0.0-...-fc028b1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 31, 2017 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html

Index

Constants

// WEAK_ETYPE_LIST lists the encryption types that have been deemed weak.
// The documentation renderer elides the 129-byte literal, so the empty
// string shown here is a display placeholder, not the constant's value.
const WEAK_ETYPE_LIST = "" /* 129-byte string literal not displayed */

List of encryption types that have been deemed weak.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config represents the KRB5 configuration, with one field for each of the
// krb5.conf sections it models.
type Config struct {
	LibDefaults *LibDefaults // [libdefaults] section
	Realms      []Realm      // entries of the [realms] section
	DomainRealm DomainRealm  // [domain_realm] domain-to-realm mapping
}

Struct representing the KRB5 configuration.

func Load

func Load(cfgPath string) (*Config, error)

Load the KRB5 configuration from the specified file path.

func NewConfig

func NewConfig() *Config

Create a new config struct.

func NewConfigFromReader

func NewConfigFromReader(r io.Reader) (*Config, error)

Create a new Config struct from an io.Reader.

func NewConfigFromScanner

func NewConfigFromScanner(scanner *bufio.Scanner) (*Config, error)

Create a new Config struct from a bufio.Scanner.

func NewConfigFromString

func NewConfigFromString(s string) (*Config, error)

Create a new Config struct from a string.

func (*Config) ResolveRealm

func (c *Config) ResolveRealm(domainName string) string

Resolve the realm for the specified domain name from the domain to realm mapping. The most specific mapping is returned.

type DomainRealm

// DomainRealm maps domains to realms and represents the [domain_realm]
// section of the configuration.
type DomainRealm map[string]string

Mapping of domains to realms representing the [domain_realm] section of the configuration.

type LibDefaults

// LibDefaults represents the [libdefaults] section of the KRB5 configuration.
// The trailing comments record the default documented for each setting.
// NOTE(review): confirm which of these defaults the package itself applies
// when a setting is absent from the file.
//
// Security-relevant settings:
//   - Allow_weak_crypto: in MIT krb5, false filters weak enctypes out of the
//     tgs, tkt and permitted enctype lists. NOTE(review): confirm this
//     package applies the same filter.
//   - Default_tgs_enctypes, Default_tkt_enctypes, Permitted_enctypes: the
//     documented defaults still name single-DES types (deprecated by
//     RFC 6649) and des3-cbc-sha1 and arcfour-hmac-md5 (deprecated by
//     RFC 8429); prefer restricting these lists to the AES types.
//   - The *_enctype_ids fields are []int; presumably they carry the numeric
//     etype IDs for the matching name lists — verify against the parser.
//   - Clockskew: a larger value lengthens the window in which a captured
//     authenticator is still accepted.
//   - Verify_ap_req_nofail: in MIT krb5, true makes verification of initial
//     credentials fail when no keytab is available instead of skipping it.
//   - Dns_lookup_kdc, Dns_lookup_realm, Dns_canonicalize_hostname, Rdns:
//     these depend on DNS answers, which Kerberos does not authenticate.
type LibDefaults struct {
	Allow_weak_crypto bool //default false
	// ap_req_checksum_type int //unlikely to support this
	Canonicalize bool          //default false
	Ccache_type  int           //default is 4. unlikely to implement older
	Clockskew    time.Duration //max allowed skew in seconds, default 300
	//Default_ccache_name string // default /tmp/krb5cc_%{uid} //Not implementing as will hold in memory
	Default_client_keytab_name string //default /usr/local/var/krb5/user/%{euid}/client.keytab
	Default_keytab_name        string //default /etc/krb5.keytab
	Default_realm              string
	Default_tgs_enctypes       []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	Default_tkt_enctypes       []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	Default_tgs_enctype_ids    []int    //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	Default_tkt_enctype_ids    []int    //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	Dns_canonicalize_hostname  bool     //default true
	Dns_lookup_kdc             bool     //default false
	Dns_lookup_realm           bool
	//extra_addresses []net.IPAddr //Not implementing yet
	Forwardable              bool           //default false
	Ignore_acceptor_hostname bool           //default false
	K5login_authoritative    bool           //default false
	K5login_directory        string         //default user's home directory. Must be owned by the user or root
	Kdc_default_options      asn1.BitString //default 0x00000010 (KDC_OPT_RENEWABLE_OK)
	Kdc_timesync             int            //default 1
	//kdc_req_checksum_type int //unlikely to implement as for very old KDCs
	Noaddresses           bool     //default true
	Permitted_enctypes    []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
	Permitted_enctype_ids []int
	//plugin_base_dir string //not supporting plugins
	Preferred_preauth_types []int         //default “17, 16, 15, 14”, which forces libkrb5 to attempt to use PKINIT if it is supported
	Proxiable               bool          //default false
	Rdns                    bool          //default true
	Realm_try_domains       int           //default -1
	Renew_lifetime          time.Duration //default 0
	Safe_checksum_type      int           //default 8
	Ticket_lifetime         time.Duration //default 1 day
	Udp_preference_limit    int           // 1 means to always use tcp. MIT krb5 has a default value of 1465, and it prevents user setting more than 32700.
	Verify_ap_req_nofail    bool          //default false
}

Struct representing the [libdefaults] section of the configuration.

type Realm

// Realm represents one entry in the [realms] section of the configuration.
//
// NOTE(review): Kdc, Admin_server, Kpasswd_server and Master_kdc presumably
// hold the host addresses the client contacts for that realm, so the
// configuration source decides where authentication and password-change
// traffic is sent — confirm against the parser and load the configuration
// only from a trusted location.
type Realm struct {
	Realm        string
	Admin_server []string
	//auth_to_local //Not implementing for now
	//auth_to_local_names //Not implementing for now
	Default_domain string
	Kdc            []string
	Kpasswd_server []string //default admin_server:464
	Master_kdc     []string
}

Struct representing an entry in the [realms] section of the configuration.
