kerberos

package module

v0.0.0-...-840a253 Latest Latest Go to latest Published: Nov 27, 2023 License: BSD-3-Clause Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/YenchangChan/franz-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kerberos provides Kerberos v5 sasl authentication.

Index ¶

func Kerberos(authFn func(context.Context) (Auth, error)) sasl.Mechanism
type Auth
- func (a Auth) AsMechanism() sasl.Mechanism
- func (a Auth) AsMechanismWithClose() sasl.Mechanism

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Kerberos ¶

func Kerberos(authFn func(context.Context) (Auth, error)) sasl.Mechanism

Kerberos returns a sasl mechanism that will call authFn whenever sasl authentication is needed. The returned Auth is used for a single session. Be sure to set PersistAfterAuth to true if you want the same underlying client to be reused for future authentication calls.

Types ¶

type Auth ¶

type Auth struct {
	// Client is a Kerberos client. This is not used if ClientFn is
	// non-nil.
	Client *client.Client

	// ClientFn returns a newly initialized Kerberos client. If this is
	// non-nil, it is used for every new sasl session and you must return a
	// new client every time. Regardless of all other docs, the client is
	// never persisted, because each client is assumed to be unique.
	//
	// This function is similar to the sarama's NewKerberosClientFunc
	// field.
	ClientFn func(context.Context) *client.Client

	// Service is the service name we will get a ticket for.
	Service string

	// PersistAfterAuth specifies whether the client should persist after
	// logging in or if it should be destroyed (the default).
	//
	// If persisting, we never call client.Destroy ourselves in the session
	// flow, and it is expected that you will return the same client in
	// every authFn. The client itself spins up a goroutine to
	// automatically renew sessions, thus if you return the same client,
	// nothing leaks, but if you return a new client on every call and set
	// PersistAfterAuth, goroutines will leak.
	//
	// Note that this field is ignored and clients are always destroyed if
	// ClientFn is non-nil. As well, AsMechanismWithClose can ensure the
	// Kerberos client is destroyed when you close your kgo.Client.
	PersistAfterAuth bool
}

Auth contains a Kerberos client and the service name that we will use to get a ticket for.

func (Auth) AsMechanism ¶

func (a Auth) AsMechanism() sasl.Mechanism

AsMechanism returns a sasl mechanism that will use a as credentials for all sasl sessions.

This is a shortcut for using the Kerberos function and is useful when you do not need to live-rotate credentials.

This option automatically sets Auth.PersistAfterAuth to true, because the client will be used for all authentications.

NOTE: This will NOT close the Kerberos client when a kgo.Client is closed. Use AsMechanismWithClose to opt into the Kerberos client automatically closing when you close your kgo.Client.

func (Auth) AsMechanismWithClose ¶

func (a Auth) AsMechanismWithClose() sasl.Mechanism

AsMechanismWithClose returns a sasl mechanism that will use a as credentials for all sasl sessions.

This is similar to AsMechanism, but also attachs the optional Close function to satisfy sasl.ClosingMechanism. This function persists the Kerberos client across all connections. The Kerberos client is destroyed when the kgo.Client is closed.

Source Files ¶

View all Source files

kerberos.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL