kerberos

Documentation

Overview

Package kerberos provides Kerberos/SPNEGO authentication for Bifrost. It supports Windows domain authentication via GSSAPI/SPNEGO tokens.

Index

• type Authenticator
  • func (a *Authenticator) Authenticate(ctx context.Context, username, password string) (*auth.UserInfo, error)
  • func (a *Authenticator) GetRealm() string
  • func (a *Authenticator) GetServicePrincipal() string
  • func (a *Authenticator) Name() string
  • func (a *Authenticator) ReloadKeytab() error
  • func (a *Authenticator) Type() string
• type ContextKey

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator provides Kerberos/SPNEGO authentication.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(ctx context.Context, username, password string) (*auth.UserInfo, error)

Authenticate validates a Kerberos ticket. For SPNEGO/Negotiate auth, the SPNEGO token should be passed via context. The password parameter can contain a base64-encoded SPNEGO token for convenience.

func (*Authenticator) GetRealm

func (a *Authenticator) GetRealm() string

GetRealm returns the configured realm.

func (*Authenticator) GetServicePrincipal

func (a *Authenticator) GetServicePrincipal() string

GetServicePrincipal returns the configured service principal.

func (*Authenticator) Name

func (a *Authenticator) Name() string

Name returns the authenticator name.

func (*Authenticator) ReloadKeytab

func (a *Authenticator) ReloadKeytab() error

ReloadKeytab reloads the keytab from the configured source.

func (*Authenticator) Type

func (a *Authenticator) Type() string

Type returns the authenticator type.

type ContextKey

type ContextKey string

ContextKey is a type for context keys used by this package.

const (
	// SPNEGOTokenContextKey is the context key for the SPNEGO token.
	SPNEGOTokenContextKey ContextKey = "kerberos_spnego_token" //nolint:gosec // G101: This is a context key name, not a credential
)