kerberos

package
v2.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 30, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package kerberos facilitiates communication with Intel® AMT devices to access the configuration-related and operational parameters for the kerberos service in the Intel® AMT.

Index

Constants

View Source
const (
	AMT_KerberosSettingData string = "AMT_KerberosSettingData"
	SetCredentialCacheState string = "SetCredentialCacheState"
	GetCredentialCacheState string = "GetCredentialCacheState"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Body

type Body struct {
	XMLName                        xml.Name `xml:"Body"`
	GetResponse                    KerberosSettingDataResponse
	EnumerateResponse              common.EnumerateResponse
	PullResponse                   PullResponse
	GetCredentialCacheState_OUTPUT GetCredentialCacheState_OUTPUT
	SetCredentialCacheState_OUTPUT SetCredentialCacheState_OUTPUT
}

OUTPUTS Response Types

type ConfiguredEncryptionAlgorithms

type ConfiguredEncryptionAlgorithms int

A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication. Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96. Note: Intel AMT does not choose the encryption algorithm to configure based on the values specified by the user. Intel AMT attempts to enable RC4. If a Passphrase and Salt are provided, the AES suites are also configured.

ValueMap={0, 1, 2, ..}

Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

const (
	ConfiguredEncryptionAlgorithmsRC4HMAC ConfiguredEncryptionAlgorithms = iota
	ConfiguredEncryptionAlgorithmsAES128CTSHMACSHA196
	ConfiguredEncryptionAlgorithmsAES256CTSHMACSHA196
)

func (ConfiguredEncryptionAlgorithms) String added in v2.2.4

String returns the string representation of the ConfiguredEncryptionAlgorithms value

type EncryptionAlgorithm

type EncryptionAlgorithm int

A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.

ValueMap={0}

Values={RC4 encryption and HMAC authentication}

const (
	EncryptionAlgorithmRC4EncryptionAndHMACAuthentication EncryptionAlgorithm = iota
)

type GetCredentialCacheState_OUTPUT

type GetCredentialCacheState_OUTPUT struct {
	XMLName     xml.Name    `xml:"GetCredentialCacheState_OUTPUT"`
	Enabled     bool        `xml:"Enabled"`
	ReturnValue ReturnValue `xml:"ReturnValue"`
}

OUTPUTS Response Types

type KerberosSettingDataResponse

type KerberosSettingDataResponse struct {
	XMLName                        xml.Name                         `xml:"AMT_KerberosSettingData"`
	ElementName                    string                           `xml:"ElementName,omitempty"`           // The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)
	InstanceID                     string                           `xml:"InstanceID,omitempty"`            // Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:	<OrgID>:<LocalID>	Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>.	<LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.	For DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.
	RealmName                      string                           `xml:"RealmName,omitempty"`             // Kerberos Realm name.
	ServicePrincipalName           []string                         `xml:"ServicePrincipalName,omitempty"`  // An array of strings, each of which names a distinct service principal.
	ServicePrincipalProtocol       []ServicePrincipalProtocol       `xml:"ServicePrincipalProtocol"`        // An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName.
	KeyVersion                     int                              `xml:"KeyVersion,omitempty"`            // Key version number. User can update the value each time the master key is changed.
	EncryptionAlgorithm            EncryptionAlgorithm              `xml:"EncryptionAlgorithm,omitempty"`   // A 16-bit enumeration value that identifiers the encryption algorithm used in Kerberos authentication.
	MasterKey                      []int                            `xml:"MasterKey"`                       // A 128-bit binary key value. MasterKey cannot be used if the key generation method is used (using the Passphrase property)
	MaximumClockTolerance          int                              `xml:"MaximumClockTolerance,omitempty"` // The number of minutes by which the clocks of the Intel® AMT device and the client and KDC can be out of sync - typically 5 minutes.
	KrbEnabled                     bool                             `xml:"KrbEnabled"`                      // Indicates whether Kerberos authentication is enabled or disable.
	Passphrase                     string                           `xml:"Passphrase,omitempty"`            // Used when the key generation method is chosen (RFC 3961,3962). Salt and IterationCount must be supplied also.
	Salt                           string                           `xml:"Salt,omitempty"`                  // Used when the key generation method is chosen (RFC 3961,3962)
	IterationCount                 int                              `xml:"IterationCount,omitempty"`        // Can be used when the key generation method is chosen (RFC 3961,3962)
	SupportedEncryptionAlgorithms  []SupportedEncryptionAlgorithms  `xml:"SupportedEncryptionAlgorithms"`   // A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication.
	ConfiguredEncryptionAlgorithms []ConfiguredEncryptionAlgorithms `xml:"ConfiguredEncryptionAlgorithms"`  // A 16-bit enumeration values that identifier the configured encryption algorithms used in Kerberos authentication.
}

OUTPUTS Response Types

type PullResponse

type PullResponse struct {
	XMLName                  xml.Name                      `xml:"PullResponse"`
	KerberosSettingDataItems []KerberosSettingDataResponse `xml:"Items>AMT_KerberosSettingData"`
}

OUTPUTS Response Types

type Response

type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}

OUTPUTS Response Types

func (*Response) JSON

func (r *Response) JSON() string

JSON marshals the type into JSON format

func (*Response) YAML

func (r *Response) YAML() string

YAML marshals the type into YAML format

type ReturnValue added in v2.2.4

type ReturnValue int

ReturnValue is a 16-bit enumeration value that indicates the success or failure of an operation.

const (
	ReturnValueSuccess ReturnValue = iota
	ReturnValueNotSupported
	ReturnValueUnspecifiedError
	ReturnValueUnsupportedParameter
	ReturnValueNoKerberosRealmName
	ReturnValueNoServicePrincipalName
	ReturnValueNoServicePrincipalProtocol
	ReturnValueNoKeyVersion
	ReturnValueNoEncryptionAlgorithm
	ReturnValueNoMasterKey
	ReturnValueNoMaximumClockTolerance
	ReturnValueNoKerberosEnabled
	ReturnValueNoPassphrase
	ReturnValueNoSalt
	ReturnValueNoIterationCount
	ReturnValueNoSupportedEncryptionAlgorithms
	ReturnValueNoConfiguredEncryptionAlgorithms
)

func (ReturnValue) String added in v2.2.4

func (r ReturnValue) String() string

ConvertReturnValueToString returns the string representation of the ReturnValue value

type ServicePrincipalProtocol

type ServicePrincipalProtocol int

An array of 16-bit enumeration values, each of which corresponds to the string in the same position of ServicePrincipalName. In Intel AMT Release 6.0 and later releases this field is not in use and has no impact

ValueMap={0, 1, 2, 3}

Values={HTTP Protocol definition, HTTPS Protocol definition, SOL&IDER protocol definition, SOL&IDER protocol definition (using SSL)}

const (
	ServicePrincipalProtocolHTTPProtocolDefinition ServicePrincipalProtocol = iota
	ServicePrincipalProtocolHTTPSProtocolDefinition
	ServicePrincipalProtocolSOLAndIDERProtocolDefinition
	ServicePrincipalProtocolSOLAndIDERProtocolDefinitionUsingSSL
)

func (ServicePrincipalProtocol) String added in v2.2.4

func (s ServicePrincipalProtocol) String() string

String returns the string representation of the ServicePrincipalProtocol value

type SetCredentialCacheState_INPUT

type SetCredentialCacheState_INPUT struct {
	XMLName xml.Name `xml:"h:SetCredentialCacheState_INPUT"`
	H       string   `xml:"xmlns:h,attr"`
	Enabled bool     `xml:"h:Enabled"`
}

INPUTS Request Types

type SetCredentialCacheState_OUTPUT added in v2.2.4

type SetCredentialCacheState_OUTPUT struct {
	XMLName     xml.Name    `xml:"SetCredentialCacheState_OUTPUT"`
	ReturnValue ReturnValue `xml:"ReturnValue"`
}

OUTPUTS Response Types

type SettingData

type SettingData struct {
	// contains filtered or unexported fields
}

func NewKerberosSettingDataWithClient

func NewKerberosSettingDataWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) SettingData

NewKerberosSettingDataWithClient instantiates a new kerberos SettingData

func (SettingData) Enumerate

func (settingData SettingData) Enumerate() (response Response, err error)

Enumerate returns an enumeration context which is used in a subsequent Pull call

func (SettingData) Get

func (settingData SettingData) Get() (response Response, err error)

Get retrieves the representation of the instance

func (SettingData) GetCredentialCacheState

func (settingData SettingData) GetCredentialCacheState() (response Response, err error)

GetCredentialCacheState gets the current state of the credential caching functionality

func (SettingData) Pull

func (settingData SettingData) Pull(enumerationContext string) (response Response, err error)

Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.

func (SettingData) SetCredentialCacheState

func (settingData SettingData) SetCredentialCacheState(enabled bool) (response Response, err error)

SetCredentialCacheState enables/disables the credential caching functionality TODO: Current gets SOAP schema violation from AMT

type SupportedEncryptionAlgorithms

type SupportedEncryptionAlgorithms int

A 16-bit enumeration values that identifier the supported encryption algorithms used in Kerberos authentication. Note: While RC4-HMAC is supported, Intel recommends using AES256-CTS-HMAC-SHA1-96.

ValueMap={0, 1, 2, ..}

Values={RC4-HMAC, AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96, Reserved}

const (
	SupportedEncryptionAlgorithmsRC4HMAC SupportedEncryptionAlgorithms = iota
	SupportedEncryptionAlgorithmsAES128CTSHMACSHA196
	SupportedEncryptionAlgorithmsAES256CTSHMACSHA196
)

func (SupportedEncryptionAlgorithms) String added in v2.2.4

String returns the string representation of the SupportedEncryptionAlgorithms value

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL