Documentation
¶
Overview ¶
Package kerberos facilitiates communication with Intel® AMT devices to access the configuration-related and operational parameters for the kerberos service in the Intel® AMT.
Index ¶
- Constants
- type Body
- type ConfiguredEncryptionAlgorithms
- type EncryptionAlgorithm
- type GetCredentialCacheState_OUTPUT
- type KerberosSettingDataResponse
- type PullResponse
- type Response
- type ServicePrincipalProtocol
- type SetCredentialCacheState_INPUT
- type SettingData
- func (settingData SettingData) Enumerate() (response Response, err error)
- func (settingData SettingData) Get() (response Response, err error)
- func (settingData SettingData) GetCredentialCacheState() (response Response, err error)
- func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
- func (settingData SettingData) SetCredentialCacheState(enabled bool) (response Response, err error)
- type SupportedEncryptionAlgorithms
Constants ¶
const ( AMT_KerberosSettingData string = "AMT_KerberosSettingData" SetCredentialCacheState string = "SetCredentialCacheState" GetCredentialCacheState string = "GetCredentialCacheState" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Body ¶
type Body struct {
XMLName xml.Name `xml:"Body"`
GetResponse KerberosSettingDataResponse
EnumerateResponse common.EnumerateResponse
PullResponse PullResponse
GetCredentialCacheState_OUTPUT GetCredentialCacheState_OUTPUT
}
OUTPUTS Response Types
type ConfiguredEncryptionAlgorithms ¶
type ConfiguredEncryptionAlgorithms int
A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication. Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96. Note: Intel AMT does not choose the encryption algorithm to configure based on the values specified by the user. Intel AMT attempts to enable RC4. If a Passphrase and Salt are provided, the AES suites are also configured.
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}
type EncryptionAlgorithm ¶
type EncryptionAlgorithm int
A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.
ValueMap={0}
Values={RC4 encryption and HMAC authentication}
const (
EncryptionAlgorithmRC4EncryptionAndHMACAuthentication EncryptionAlgorithm = iota
)
type GetCredentialCacheState_OUTPUT ¶
type GetCredentialCacheState_OUTPUT struct {
XMLName xml.Name `xml:"GetCredentialCacheState_OUTPUT"`
Enabled bool `xml:"Enabled"`
ReturnValue int `xml:"ReturnValue"`
}
OUTPUTS Response Types
type KerberosSettingDataResponse ¶
type KerberosSettingDataResponse struct {
XMLName xml.Name `xml:"AMT_KerberosSettingData"`
ElementName string `xml:"ElementName,omitempty"` // The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)
InstanceID string `xml:"InstanceID,omitempty"` // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm: <OrgID>:<LocalID> Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>. <LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance. For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.
RealmName string `xml:"RealmName,omitempty"` // Kerberos Realm name.
ServicePrincipalName []string `xml:"ServicePrincipalName,omitempty"` // An array of strings, each of which names a distinct service principal.
ServicePrincipalProtocol []ServicePrincipalProtocol `xml:"ServicePrincipalProtocol"` // An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.
KeyVersion int `xml:"KeyVersion,omitempty"` // Key version number. User can update the value each time the master key is changed.
EncryptionAlgorithm EncryptionAlgorithm `xml:"EncryptionAlgorithm,omitempty"` // A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.
MasterKey []int `xml:"MasterKey"` // A 128-bit binary key value. MasterKey cannot be used if the key generation method is used (using the Passphrase property)
MaximumClockTolerance int `xml:"MaximumClockTolerance,omitempty"` // The number of minutes by which the clocks of the Intel® AMT device and the client and KDC can be out of sync - typically 5 minutes.
KrbEnabled bool `xml:"KrbEnabled"` // Indicates whether Kerberos authentication is enabled or disable.
Passphrase string `xml:"Passphrase,omitempty"` // Used when the key generation method is chosen (RFC 3961,3962). Salt and IterationCount must be supplied also.
Salt string `xml:"Salt,omitempty"` // Used when the key generation method is chosen (RFC 3961,3962)
IterationCount int `xml:"IterationCount,omitempty"` // Can be used when the key generation method is chosen (RFC 3961,3962)
SupportedEncryptionAlgorithms []SupportedEncryptionAlgorithms `xml:"SupportedEncryptionAlgorithms"` // A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication.
ConfiguredEncryptionAlgorithms []ConfiguredEncryptionAlgorithms `xml:"ConfiguredEncryptionAlgorithms"` // A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication.
}
OUTPUTS Response Types
type PullResponse ¶
type PullResponse struct {
XMLName xml.Name `xml:"PullResponse"`
KerberosSettingDataItems []KerberosSettingDataResponse `xml:"Items>AMT_KerberosSettingData"`
}
OUTPUTS Response Types
type Response ¶
type Response struct {
*client.Message
XMLName xml.Name `xml:"Envelope"`
Header message.Header `xml:"Header"`
Body Body `xml:"Body"`
}
OUTPUTS Response Types
type ServicePrincipalProtocol ¶
type ServicePrincipalProtocol int
An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName. In Intel AMT Release 6.0 and later releases this field is not in use and has no impact
ValueMap={0, 1, 2, 3}
Values={HTTP Protocol definition, HTTPS Protocol definition, SOL&IDER protocol definition, SOL&IDER protocol definition (using SSL)}
const ( ServicePrincipalProtocolHTTPProtocoldefinition ServicePrincipalProtocol = iota ServicePrincipalProtocolHTTPSProtocoldefinition ServicePrincipalProtocolSOLAndIDERprotocoldefinition ServicePrincipalProtocolSOLAndIDERprotocoldefinitionUsingSSL )
type SetCredentialCacheState_INPUT ¶
type SetCredentialCacheState_INPUT struct {
XMLName xml.Name `xml:"h:SetCredentialCacheState_INPUT"`
H string `xml:"xmlns:h,attr"`
Enabled bool `xml:"h:Enabled"`
}
INPUTS Request Types
type SettingData ¶
type SettingData struct {
// contains filtered or unexported fields
}
func NewKerberosSettingDataWithClient ¶
func NewKerberosSettingDataWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) SettingData
NewKerberosSettingDataWithClient instantiates a new kerberos SettingData
func (SettingData) Enumerate ¶
func (settingData SettingData) Enumerate() (response Response, err error)
Enumerate returns an enumeration context which is used in a subsequent Pull call
func (SettingData) Get ¶
func (settingData SettingData) Get() (response Response, err error)
Get retrieves the representation of the instance
func (SettingData) GetCredentialCacheState ¶
func (settingData SettingData) GetCredentialCacheState() (response Response, err error)
GetCredentialCacheState gets the current state of the credential caching functionality
func (SettingData) Pull ¶
func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)
Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.
func (SettingData) SetCredentialCacheState ¶
func (settingData SettingData) SetCredentialCacheState(enabled bool) (response Response, err error)
SetCredentialCacheState enables/disables the credential caching functionality TODO: Current gets SOAP schema violation from AMT
type SupportedEncryptionAlgorithms ¶
type SupportedEncryptionAlgorithms int
A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication. Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96.
ValueMap={0, 1, 2, ..}
Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}
const ( SupportedEncryptionAlgorithmsRC4HMAC SupportedEncryptionAlgorithms = iota SupportedEncryptionAlgorithmsAES128CTSHMACSHA196 SupportedEncryptionAlgorithmsAES256CTSHMACSHA196 )
const ( ConfiguredEncryptionAlgorithmsRC4HMAC SupportedEncryptionAlgorithms = iota ConfiguredEncryptionAlgorithmsAES128CTSHMACSHA196 ConfiguredEncryptionAlgorithmsAES256CTSHMACSHA196 )
Source Files