Documentation
¶
Overview ¶
Package kinit provides utilities for interacting with a KDC (Key Distribution Center) for Kerberos 5.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertGetter ¶
// CertGetter is an interface for getting a new cert/key pair along with a CA cert.
type CertGetter interface {
	// GetCertificateBytes returns a new cert/key pair along with a CA for use with x509 Auth.
	// The pair is returned wrapped in a *WindowsCAAndKeyPair.
	// NOTE(review): the result presumably includes a private key; callers should
	// avoid logging it or keeping it longer than needed — confirm against the implementation.
	GetCertificateBytes(ctx context.Context) (*WindowsCAAndKeyPair, error)
}
CertGetter is an interface for getting a new cert/key pair along with a CA cert
type CommandConfig ¶
// CommandConfig is used to configure a kinit binary execution.
// It is the argument accepted by NewCommandLineInitializer.
type CommandConfig struct {
	// AuthClient is a subset of the auth interface
	AuthClient windows.AuthInterface
	// User is the username of the database/AD user
	// NOTE(review): if User, Realm, KDCHost or AdminServer reach the kinit command
	// line or a generated krb5 config, they should be validated by the caller — confirm.
	User string
	// Realm is the domain name
	Realm string
	// KDCHost is the key distribution center hostname (usually AD server)
	KDCHost string
	// AdminServer is the administration server hostname (usually AD server)
	AdminServer string
	// DataDir is the Teleport Data Directory
	// NOTE(review): what is written under DataDir is not visible here; if key or
	// ticket material is stored there, it needs restrictive permissions — confirm.
	DataDir string
	// LDAPCA is the Windows LDAP Certificate for client signing
	LDAPCA *x509.Certificate
	// LDAPCAPEM contains the same certificate as LDAPCA but in PEM format. It
	// can be used to embed the LDAPCA into files without needing to convert
	// it.
	// Nothing visible here enforces that LDAPCA and LDAPCAPEM stay in sync;
	// the caller is responsible for setting both from the same certificate.
	LDAPCAPEM string
	// Command is a command generator that generates an executable command
	Command CommandGenerator
	// CertGetter is a Teleport Certificate getter that prepares an x509 certificate
	// for use with windows AD
	CertGetter CertGetter
}
CommandConfig is used to configure a kinit binary execution
type CommandGenerator ¶
// CommandGenerator is a small interface for wrapping *exec.Cmd.
type CommandGenerator interface {
	// CommandContext is a wrapper for creating a command.
	// Its parameters have the same shape as exec.CommandContext: name is the
	// program to run and args are handed to it as separate arguments.
	// NOTE(review): implementations should keep name and args as an argument
	// vector rather than joining them into a shell string — confirm per implementation.
	CommandContext(ctx context.Context, name string, args ...string) *exec.Cmd
}
CommandGenerator is a small interface for wrapping *exec.Cmd
type CommandLineInitializer ¶
// CommandLineInitializer uses a command line `kinit` binary to provide a kerberos CCache.
// Instances are created with NewCommandLineInitializer.
type CommandLineInitializer struct {
	// RealmName is the kerberos realm Name (domain Name, like `example.com`)
	RealmName string
	// KDCHostName is the key distribution center host Name (usually AD host, like ad.example.com)
	KDCHostName string
	// AdminServerName is the admin server Name (usually AD host)
	AdminServerName string
	// contains filtered or unexported fields
}
CommandLineInitializer uses a command line `kinit` binary to provide a kerberos CCache
func NewCommandLineInitializer ¶
func NewCommandLineInitializer(config CommandConfig) *CommandLineInitializer
NewCommandLineInitializer returns a new command line initializer using a preinstalled `kinit` binary
func (*CommandLineInitializer) UseOrCreateCredentials ¶
func (k *CommandLineInitializer) UseOrCreateCredentials(ctx context.Context) (*credentials.CCache, *config.Config, error)
UseOrCreateCredentials uses an existing credentials cache or creates a new one.
func (*CommandLineInitializer) WriteKRB5Config ¶
func (k *CommandLineInitializer) WriteKRB5Config(path string) error
WriteKRB5Config writes a Kerberos (krb5) configuration to path.
type DBCertGetter ¶
// DBCertGetter obtains a new cert/key pair along with the Teleport database CA.
// Its GetCertificateBytes method has the signature required by CertGetter.
type DBCertGetter struct {
	// Auth is the auth client
	Auth windows.AuthInterface
	// KDCHostName is the Name of the key distribution center host
	KDCHostName string
	// RealmName is the kerberos realm Name (domain Name)
	RealmName string
	// AdminServerName is the Name of the admin server. Usually same as the KDC
	AdminServerName string
	// UserName is the database username
	// NOTE(review): presumably the identity the issued certificate is bound to;
	// verify how it is validated before a certificate is requested.
	UserName string
	// LDAPCA is the windows ldap certificate
	LDAPCA *x509.Certificate
}
DBCertGetter obtains a new cert/key pair along with the Teleport database CA
func (*DBCertGetter) GetCertificateBytes ¶
func (d *DBCertGetter) GetCertificateBytes(ctx context.Context) (*WindowsCAAndKeyPair, error)
GetCertificateBytes returns a new PEM-encoded cert/key pair and the DB CA bytes.
type PKInit ¶
// PKInit is a structure used for initializing a kerberos context.
// Its UseOrCreateCredentialsCache method returns a *credentials.CCache and a
// *config.Config; all of its fields are unexported.
type PKInit struct {
	// contains filtered or unexported fields
}
PKInit is a structure used for initializing a kerberos context
func (*PKInit) UseOrCreateCredentialsCache ¶
func (k *PKInit) UseOrCreateCredentialsCache(ctx context.Context) (*credentials.CCache, *config.Config, error)
UseOrCreateCredentialsCache uses an existing credentials cache or creates a new one.
type Provider ¶
// Provider is a kinit provider capable of producing a credentials cache for kerberos.
type Provider interface {
	// UseOrCreateCredentials uses or updates an existing credentials cache or creates a new one.
	// It returns the cache together with a *config.Config, or an error.
	// NOTE(review): a Kerberos credentials cache holds tickets, so the returned
	// value should be handled as credential material (not logged or shared across users).
	UseOrCreateCredentials(ctx context.Context) (cache *credentials.CCache, conf *config.Config, err error)
}
Provider is a kinit provider capable of producing a credentials cache for Kerberos.
type WindowsCAAndKeyPair ¶
// WindowsCAAndKeyPair is a wrapper around PEM bytes for Windows authentication.
// It is the value returned by CertGetter.GetCertificateBytes, which documents
// it as a cert/key pair along with a CA.
// NOTE(review): the fields are unexported and not visible here; presumably one of
// them holds a private key, so values of this type should not be logged — confirm.
type WindowsCAAndKeyPair struct {
	// contains filtered or unexported fields
}
WindowsCAAndKeyPair is a wrapper around PEM bytes for Windows authentication