kerberos

package

v0.0.0-...-7f1f45b Latest Latest Go to latest Published: Jan 10, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/zncdatadev/secret-operator

Documentation ¶

Index ¶

type Kadmin
- func NewKadmin(krb5Config *Krb5Config, adminPrincipal *string, adminKeytab []byte) *Kadmin
type Krb5Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Kadmin ¶

type Kadmin struct {
	// contains filtered or unexported fields
}

func NewKadmin ¶

func NewKadmin(
	krb5Config *Krb5Config,
	adminPrincipal *string,
	adminKeytab []byte,
) *Kadmin

func (*Kadmin) AddPrincipal ¶

func (k *Kadmin) AddPrincipal(principal string) error

AddPrincipal adds a new principal If a principal already exists, it kadmind not return an error. usage: https://web.mit.edu/kerberos/krb5-latest/doc/admin/admin_commands/kadmin_local.html#add-principal

func (*Kadmin) GetAdminKeytabPath ¶

func (k *Kadmin) GetAdminKeytabPath() (string, error)

GetAdminKeytabPath returns the path of the admin keytab file. If the admin keytab path is empty, use the temporary keytab file. If the admin keytab path already exists, it checks if the file exists and creates a new keytab file if it doesn't. It returns the admin keytab path and any error encountered during the process.

func (*Kadmin) GetAdminPrincipal ¶

func (k *Kadmin) GetAdminPrincipal() *string

func (*Kadmin) Ktadd ¶

func (k *Kadmin) Ktadd(principals ...string) ([]byte, error)

Ktadd generates a keytab file for the given principals Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]

func (*Kadmin) Query ¶

func (k *Kadmin) Query(query string) (result string, err error)

Query executes a kadmin query Example:

kadmin -kt admin.keytab -p admin/admin query "listprincs"
kadmin -kt admin.keytab -p admin/admin query "ktadd -k user1.keytab -norandkey user1"

Note:

When generating keytab file, use "-norandkey" flag, the admin user must
have "e" permission in kadm5.acl.

type Krb5Config ¶

type Krb5Config struct {
	Realm       string
	AdminServer string
	KDC         string
	// contains filtered or unexported fields
}

func (*Krb5Config) CheckSum ¶

func (c *Krb5Config) CheckSum() string

func (*Krb5Config) Content ¶

func (c *Krb5Config) Content() string

ref: https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#sample-krb5-conf-file

func (*Krb5Config) GetRealm ¶

func (c *Krb5Config) GetRealm() string

func (*Krb5Config) GetTempPath ¶

func (c *Krb5Config) GetTempPath() (string, error)

func (*Krb5Config) Save ¶

func (c *Krb5Config) Save(path string) error

Default krb5.conf in Linux is /etc/krb5.conf, if you want to use custom krb5.conf file, you can set KRB5_CONFIG env.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL