package service

Import Path
	github.com/jcmturner/gokrb5/v8/service (on go.dev)

Dependency Relation
	imports 15 packages, and imported by one package

Involved Source Files

	    APExchange.go
	    authenticator.go
	  d cache.go
		Package service provides server side integrations for Kerberos authentication.

	    settings.go
Package-Level Type Names (total 4)

	/* sort by: alphabet | popularity */
	 type Cache (struct)
		Cache for tickets received from clients keyed by fully qualified client name. Used to track replay of tickets.

		Methods (total 3)
			(*Cache) AddEntry(sname types.PrincipalName, a types.Authenticator)
				AddEntry adds an entry to the Cache.

			(*Cache) ClearOldEntries(d time.Duration)
				ClearOldEntries clears entries from the Cache that are older than the duration provided.

			(*Cache) IsReplay(sname types.PrincipalName, a types.Authenticator) bool
				IsReplay tests if the Authenticator provided is a replay within the duration defined. If this is not a replay add the entry to the cache for tracking.

		As Outputs Of (at least one exported)
			func GetReplayCache(d time.Duration) *Cache

	 type KRB5BasicAuthenticator (struct)
		KRB5BasicAuthenticator implements gokrb5.com/jcmturner/goidentity.Authenticator interface.
		It takes username and password so can be used for basic authentication.

		Fields (only one)
			BasicHeaderValue string
		Methods (total 2)
			( KRB5BasicAuthenticator) Authenticate() (i goidentity.Identity, ok bool, err error)
				Authenticate and return the identity. The boolean indicates if the authentication was successful.

			( KRB5BasicAuthenticator) Mechanism() string
				Mechanism returns the authentication mechanism.

		Implements (at least one exported)
			 KRB5BasicAuthenticator : github.com/jcmturner/goidentity/v6.Authenticator
		As Outputs Of (at least one exported)
			func NewKRB5BasicAuthenticator(headerVal string, krb5conf *config.Config, serviceSettings *Settings, clientSettings *client.Settings) KRB5BasicAuthenticator

	 type SessionMgr (interface)
		SessionMgr must provide a ways to:
		
		- Create new sessions and in the process add a value to the session under the key provided.
		
		- Get an existing session returning the value in the session under the key provided.
		Return nil bytes and/or error if there is no session.

		Methods (total 2)
			( SessionMgr) Get(r *http.Request, k string) ([]byte, error)
			( SessionMgr) New(w http.ResponseWriter, r *http.Request, k string, v []byte) error
		As Outputs Of (at least one exported)
			func (*Settings).SessionManager() SessionMgr
		As Inputs Of (at least one exported)
			func SessionManager(sm SessionMgr) func(*Settings)

	 type Settings (struct)
		Settings defines service side configuration settings.

		Fields (only one)
			Keytab *keytab.Keytab
		Methods (total 8)
			(*Settings) ClientAddress() types.HostAddress
				ClientAddress returns the client host address which has been provided to the service.

			(*Settings) DecodePAC() bool
				DecodePAC indicates whether the service should decode any PAC information present in the ticket.

			(*Settings) KeytabPrincipal() *types.PrincipalName
				KeytabPrincipal returns the principal name used to find the key in the keytab if it has been overridden.

			(*Settings) Logger() *log.Logger
				Logger returns the logger instances configured for the service. If none is configured nill will be returned.

			(*Settings) MaxClockSkew() time.Duration
				MaxClockSkew returns the maximum acceptable clock skew between the service and the issue time of kerberos tickets.
				If none is defined a duration of 5 minutes is returned.

			(*Settings) RequireHostAddr() bool
				RequireHostAddr indicates if the service should require the host address to be included in the ticket.

			(*Settings) SName() string
				SName returns the specific service name to the service.

			(*Settings) SessionManager() SessionMgr
				SessionManager returns any configured session manager.

		As Outputs Of (at least one exported)
			func NewSettings(kt *keytab.Keytab, settings ...func(*Settings)) *Settings
		As Inputs Of (at least 2)
			func NewKRB5BasicAuthenticator(headerVal string, krb5conf *config.Config, serviceSettings *Settings, clientSettings *client.Settings) KRB5BasicAuthenticator
			func VerifyAPREQ(APReq *messages.APReq, s *Settings) (bool, *credentials.Credentials, error)


Package-Level Functions (total 12)

	 func ClientAddress(h types.HostAddress) func(*Settings)
		ClientAddress used to configure service side with the clients host address to be used during validation.
		
		s := NewSettings(kt, ClientAddress(h))

	 func DecodePAC(b bool) func(*Settings)
		DecodePAC used to configure service side to enable/disable PAC decoding if the PAC is present.
		Defaults to enabled if not specified.
		
		s := NewSettings(kt, DecodePAC(false))

	 func GetReplayCache(d time.Duration) *Cache
		GetReplayCache returns a pointer to the Cache singleton.

	 func KeytabPrincipal(p string) func(*Settings)
		KeytabPrincipal used to override the principal name used to find the key in the keytab.
		
		s := NewSettings(kt, KeytabPrincipal("someaccount"))

	 func Logger(l *log.Logger) func(*Settings)
		Logger used to configure service side with a logger.
		
		s := NewSettings(kt, Logger(l))

	 func MaxClockSkew(d time.Duration) func(*Settings)
		MaxClockSkew used to configure service side with the maximum acceptable clock skew
		between the service and the issue time of kerberos tickets
		
		s := NewSettings(kt, MaxClockSkew(d))

	 func NewKRB5BasicAuthenticator(headerVal string, krb5conf *config.Config, serviceSettings *Settings, clientSettings *client.Settings) KRB5BasicAuthenticator
		NewKRB5BasicAuthenticator creates a new NewKRB5BasicAuthenticator

	 func NewSettings(kt *keytab.Keytab, settings ...func(*Settings)) *Settings
		NewSettings creates a new service Settings.

	 func RequireHostAddr(b bool) func(*Settings)
		RequireHostAddr used to configure service side to required host addresses to be specified in Kerberos tickets.
		
		s := NewSettings(kt, RequireHostAddr(true))

	 func SessionManager(sm SessionMgr) func(*Settings)
		SessionManager configures a session manager to establish sessions with clients to avoid excessive authentication challenges.
		
		s := NewSettings(kt, SessionManager(sm))

	 func SName(sname string) func(*Settings)
		SName used provide a specific service name to the service settings.
		
		s := NewSettings(kt, SName("HTTP/some.service.com"))

	 func VerifyAPREQ(APReq *messages.APReq, s *Settings) (bool, *credentials.Credentials, error)
		VerifyAPREQ verifies an AP_REQ sent to the service. Returns a boolean for if the AP_REQ is valid and the client's principal name and realm.

The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.