Documentation

Overview

    Package config implements KRB5 client and service configuration as described at https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html

    Index

    Constants

    const WeakETypeList = "" /* 129-byte string literal not displayed */
    

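      WeakETypeList is a list of encryption types that have been deemed weak. This rendering elides the value (a 129-byte string literal), so read the constant in the source file for the exact names before relying on it as a deny-list.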

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type Config

      // Config is the parsed KRB5 configuration, one field per krb5.conf section.
      type Config struct {
      	// LibDefaults holds the [libdefaults] section.
      	// NOTE(review): this is a pointer; confirm that Load and the NewConfig*
      	// constructors always populate it before callers dereference it.
      	LibDefaults *LibDefaults
      	// Realms holds the entries of the [realms] section.
      	Realms      []Realm
      	// DomainRealm holds the [domain_realm] domain-to-realm mapping.
      	DomainRealm DomainRealm
      }

        Config represents the KRB5 configuration.

        func Load

        func Load(cfgPath string) (*Config, error)

          Load loads the KRB5 configuration from the file at the specified path.

          func NewConfig

          func NewConfig() *Config

            NewConfig creates a new config struct instance.

            func NewConfigFromReader

            func NewConfigFromReader(r io.Reader) (*Config, error)

              NewConfigFromReader creates a new Config struct from an io.Reader.

              func NewConfigFromScanner

              func NewConfigFromScanner(scanner *bufio.Scanner) (*Config, error)

                NewConfigFromScanner creates a new Config struct from a bufio.Scanner.

                func NewConfigFromString

                func NewConfigFromString(s string) (*Config, error)

                  NewConfigFromString creates a new Config struct from a string.

                  func (*Config) ResolveRealm

                  func (c *Config) ResolveRealm(domainName string) string

                    ResolveRealm resolves the Kerberos realm for the specified domain name from the domain-to-realm mapping. The most specific mapping is returned.

                    type DomainRealm

                    // DomainRealm maps domain names to realm names, mirroring the [domain_realm]
                    // section of krb5.conf.
                    // NOTE(review): the key format (leading-dot suffix vs. exact host name) is not
                    // visible in this declaration — confirm against ResolveRealm.
                    type DomainRealm map[string]string

                      DomainRealm maps the domains to realms representing the [domain_realm] section of the configuration.

                      type LibDefaults

                      // LibDefaults holds the settings of the [libdefaults] section of krb5.conf.
                      //
                      // The trailing "default ..." notes are the values the author recorded for each
                      // setting. NOTE(review): the code that applies these defaults is not part of
                      // this declaration — confirm against the constructor/parser before relying on
                      // any of them.
                      type LibDefaults struct {
                      	// NOTE(review): presumably gates the encryption types named in WeakETypeList;
                      	// the enforcement itself is not visible here — confirm. Keep this false unless
                      	// a legacy KDC or service leaves no alternative.
                      	AllowWeakCrypto bool //default false
                      	// ap_req_checksum_type int //unlikely to support this
                      	Canonicalize bool          //default false
                      	CCacheType   int           //default is 4. unlikely to implement older
                      	// The krb5.conf value is given in seconds; the field is a time.Duration.
                      	// A larger tolerance widens the window in which a timestamped message is
                      	// still accepted, so raise it only as far as real clock drift requires.
                      	Clockskew    time.Duration //max allowed skew in seconds, default 300
                      	//Default_ccache_name string // default /tmp/krb5cc_%{uid} //Not implementing as will hold in memory
                      	DefaultClientKeytabName string //default /usr/local/var/krb5/user/%{euid}/client.keytab
                      	DefaultKeytabName       string //default /etc/krb5.keytab
                      	DefaultRealm            string
                      	// The recorded default lists below include single-DES types (des-cbc-crc,
                      	// des-cbc-md5, des-cbc-md4), RC4 (arcfour-hmac-md5) and des3-cbc-sha1, all
                      	// deprecated for Kerberos (RFC 6649, RFC 8429). Deployments should set these
                      	// lists explicitly to the AES types rather than rely on the default.
                      	DefaultTGSEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
                      	DefaultTktEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
                      	// NOTE(review): the original comments on the two ID fields repeated the
                      	// enctype-name list; presumably they hold the numeric etype IDs matching
                      	// DefaultTGSEnctypes and DefaultTktEnctypes — confirm.
                      	DefaultTGSEnctypeIDs    []int    //presumably numeric IDs for DefaultTGSEnctypes
                      	DefaultTktEnctypeIDs    []int    //presumably numeric IDs for DefaultTktEnctypes
                      	// The three DNS-related switches here and RDNS below make name or KDC
                      	// resolution depend on DNS answers, which are unauthenticated unless the
                      	// resolver validates DNSSEC.
                      	DNSCanonicalizeHostname bool     //default true
                      	DNSLookupKDC            bool     //default false
                      	// No default is recorded for DNSLookupRealm; NOTE(review): confirm what the
                      	// parser leaves here when the setting is absent.
                      	DNSLookupRealm          bool
                      	//extra_addresses []net.IPAddr //Not implementing yet
                      	Forwardable            bool           //default false
                      	IgnoreAcceptorHostname bool           //default false
                      	K5LoginAuthoritative   bool           //default false
                      	K5LoginDirectory       string         //default user's home directory. Must be owned by the user or root
                      	KDCDefaultOptions      asn1.BitString //default 0x00000010 (KDC_OPT_RENEWABLE_OK)
                      	KDCTimeSync            int            //default 1
                      	//kdc_req_checksum_type int //unlikely to implement as for very old KDCs
                      	NoAddresses         bool     //default true
                      	// Same caveat as the Default*Enctypes lists: the recorded default still names
                      	// DES, RC4 and 3DES types.
                      	PermittedEnctypes   []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
                      	// NOTE(review): presumably the numeric etype IDs for PermittedEnctypes — confirm.
                      	PermittedEnctypeIDs []int
                      	//plugin_base_dir string //not supporting plugins
                      	PreferredPreauthTypes []int         //default "17, 16, 15, 14", which forces libkrb5 to attempt to use PKINIT if it is supported
                      	Proxiable             bool          //default false
                      	RDNS                  bool          //default true
                      	RealmTryDomains       int           //default -1
                      	RenewLifetime         time.Duration //default 0
                      	SafeChecksumType      int           //default 8
                      	TicketLifetime        time.Duration //default 1 day
                      	UDPPreferenceLimit    int           // 1 means to always use tcp. MIT krb5 has a default value of 1465, and it prevents user setting more than 32700.
                      	// NOTE(review): in MIT krb5 this setting decides whether verification of
                      	// initial credentials fails when no keytab key is available to check the KDC's
                      	// reply; whether this package acts on the field is not visible here — confirm.
                      	VerifyAPReqNofail     bool          //default false
                      }

                        LibDefaults represents the [libdefaults] section of the configuration.

                        type Realm

                        // Realm is one entry of the [realms] section of krb5.conf.
                        //
                        // The server lists decide where a client sends authentication and
                        // password-change traffic, so the configuration they are read from should be
                        // writable only by trusted accounts.
                        // NOTE(review): the entry format of the lists (presumably host[:port]) is not
                        // visible in this declaration — confirm against the parser.
                        type Realm struct {
                        	// Realm is the realm name this entry describes.
                        	Realm       string
                        	AdminServer []string
                        	//auth_to_local //Not implementing for now
                        	//auth_to_local_names //Not implementing for now
                        	DefaultDomain string
                        	KDC           []string
                        	KPasswdServer []string //default admin_server:464
                        	MasterKDC     []string
                        }

                          Realm represents an entry in the [realms] section of the configuration.

                          Source Files