Overview ¶
Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html
Constants ¶
const WeakETypeList = "" /* 129-byte string literal not displayed */
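WeakETypeList is a list of encryption types that have been deemed weak. The string literal is elided on this page, so check the package source for the exact names before relying on it as a filter; it is presumably the list consulted when LibDefaults.AllowWeakCrypto is false.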
Types ¶
type Config ¶
// Config represents the KRB5 configuration.
type Config struct {
// Settings from the [libdefaults] section.
LibDefaults LibDefaults
// One entry per realm in the [realms] section.
Realms []Realm
// Domain-to-realm mapping from the [domain_realm] section.
DomainRealm DomainRealm
}
Config represents the KRB5 configuration.
func NewConfigFromReader ¶
NewConfigFromReader creates a new Config struct from an io.Reader.
func NewConfigFromScanner ¶
NewConfigFromScanner creates a new Config struct from a bufio.Scanner.
func NewConfigFromString ¶
NewConfigFromString creates a new Config struct from a string.
func (*Config) GetKDCs ¶
GetKDCs returns the count of KDCs available and a map of KDC host names keyed on preference order.
func (*Config) GetKpasswdServers ¶
GetKpasswdServers returns the count of kpasswd servers available and a map of kpasswd host names keyed on preference order. https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#realms - see kpasswd_server section
func (*Config) ResolveRealm ¶
ResolveRealm resolves the kerberos realm for the specified domain name from the domain to realm mapping. The most specific mapping is returned.
type DomainRealm ¶
DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.
type Invalid ¶
// Invalid is the error value for an invalid configuration.
type Invalid struct {
// contains filtered or unexported fields
}
Invalid config error.
func InvalidErrorf ¶
InvalidErrorf creates a new Invalid error.
type LibDefaults ¶
// LibDefaults represents the [libdefaults] section of the configuration.
// The "default" remarks are the author's. Several fields decide which
// encryption types and which DNS-derived names a client will accept, so
// review them when hardening a deployment.
type LibDefaults struct {
// In MIT krb5, false filters the weak encryption types out of
// default_tgs_enctypes, default_tkt_enctypes and permitted_enctypes.
// NOTE(review): presumably enforced here via WeakETypeList; confirm in the parser.
AllowWeakCrypto bool //default false
// ap_req_checksum_type int //unlikely to support this
Canonicalize bool //default false
CCacheType int //default is 4. unlikely to implement older
// The krb5.conf value is in seconds; the field itself is a time.Duration.
// Raising it widens the window in which a captured message is still accepted.
Clockskew time.Duration //max allowed skew in seconds, default 300
//Default_ccache_name string // default /tmp/krb5cc_%{uid} //Not implementing as will hold in memory
DefaultClientKeytabName string //default /usr/local/var/krb5/user/%{euid}/client.keytab
DefaultKeytabName string //default /etc/krb5.keytab
DefaultRealm string
// The default lists quoted on the four enctype fields below still name
// single-DES (des-cbc-*) and RC4 (arcfour-hmac-md5) types. Where the KDC
// supports it, set an explicit AES-only list in krb5.conf rather than
// relying on these defaults.
// NOTE(review): des3-cbc-sha1 and arcfour-hmac-md5 are deprecated upstream
// but may not be covered by the weak-type filter; verify against WeakETypeList.
DefaultTGSEnctypes []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
DefaultTktEnctypes []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
// Presumably the numeric enctype IDs matching the name lists above; confirm how they are populated.
DefaultTGSEnctypeIDs []int32 //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
DefaultTktEnctypeIDs []int32 //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
// MIT documentation notes that false reduces reliance on DNS when building
// service principal names, at the cost of not canonicalizing short hostnames.
DNSCanonicalizeHostname bool //default true
// In MIT krb5 this locates KDCs through DNS SRV records, so the answer is
// only as trustworthy as the resolver path.
DNSLookupKDC bool //default false
// No default noted by the author. In MIT krb5 this maps hosts to realms
// through DNS TXT records; confirm support and default in this package.
DNSLookupRealm bool
ExtraAddresses []net.IP //Not implementing yet
Forwardable bool //default false
// In MIT krb5, true lets an acceptor match any service principal in the
// keytab with the right service name, ignoring the hostname the application passed.
IgnoreAcceptorHostname bool //default false
K5LoginAuthoritative bool //default false
K5LoginDirectory string //default user's home directory. Must be owned by the user or root
KDCDefaultOptions asn1.BitString //default 0x00000010 (KDC_OPT_RENEWABLE_OK)
KDCTimeSync int //default 1
//kdc_req_checksum_type int //unlikely to implement as for very old KDCs
NoAddresses bool //default true
PermittedEnctypes []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
// Presumably the numeric enctype IDs for PermittedEnctypes; confirm.
PermittedEnctypeIDs []int32
//plugin_base_dir string //not supporting plugins
PreferredPreauthTypes []int //default "17, 16, 15, 14", which forces libkrb5 to attempt to use PKINIT if it is supported
Proxiable bool //default false
// In MIT krb5 this controls the reverse DNS lookup used during hostname
// canonicalization, which is another dependency on unauthenticated DNS.
RDNS bool //default true
RealmTryDomains int //default -1
RenewLifetime time.Duration //default 0
SafeChecksumType int //default 8
TicketLifetime time.Duration //default 1 day
UDPPreferenceLimit int // 1 means to always use tcp. MIT krb5 has a default value of 1465, and it prevents user setting more than 32700.
// In MIT krb5, true makes verification of initial credentials fail when the
// host has no keytab to check the KDC's reply against, instead of skipping
// the check. NOTE(review): confirm this package honours the flag.
VerifyAPReqNofail bool //default false
}
LibDefaults represents the [libdefaults] section of the configuration.
type Realm ¶
// Realm represents an entry in the [realms] section of the configuration.
// The server fields are string slices, so a realm can list several hosts
// for each role.
type Realm struct {
// Name of the realm this entry describes.
Realm string
// Presumably the realm's admin_server entries; confirm against the parser.
AdminServer []string
//auth_to_local //Not implementing for now
//auth_to_local_names //Not implementing for now
DefaultDomain string
// KDC hosts listed for the realm.
KDC []string
KPasswdServer []string //default admin_server:464
// Presumably the realm's master_kdc entries; confirm against the parser.
MasterKDC []string
}
Realm represents an entry in the [realms] section of the configuration.
type UnsupportedDirective ¶
// UnsupportedDirective is the error value for configuration directives the
// package does not support.
// NOTE(review): this page does not show whether the loaders still return a
// usable Config alongside this error. Check before ignoring it, since the
// skipped directive may be one the deployment's security settings rely on.
type UnsupportedDirective struct {
// contains filtered or unexported fields
}
UnsupportedDirective error.
func (UnsupportedDirective) Error ¶
func (e UnsupportedDirective) Error() string
Error implements the error interface for unsupported directives.