Prince Pereira | c1c21d6 | 2021-04-22 08:38:15 +0000 | [diff] [blame^] | 1 | package sarama |
| 2 | |
| 3 | import ( |
| 4 | krb5client "gopkg.in/jcmturner/gokrb5.v7/client" |
| 5 | krb5config "gopkg.in/jcmturner/gokrb5.v7/config" |
| 6 | "gopkg.in/jcmturner/gokrb5.v7/keytab" |
| 7 | "gopkg.in/jcmturner/gokrb5.v7/types" |
| 8 | ) |
| 9 | |
// KerberosGoKrb5Client wraps a gokrb5 client so that it can be handed out as a
// KerberosClient (createClient returns a pointer to this type under that
// interface).
type KerberosGoKrb5Client struct {
	// Embedded by value: the gokrb5 client's fields (such as Credentials) and
	// methods are promoted onto this type.
	krb5client.Client
}
| 13 | |
// Domain returns whatever the embedded client's Credentials report as their
// domain.
//
// NOTE(review): Credentials is dereferenced without a nil check; this assumes
// the client was built through createClient — confirm for other construction paths.
func (c *KerberosGoKrb5Client) Domain() string {
	creds := c.Credentials
	return creds.Domain()
}
| 17 | |
// CName returns the principal name held by the embedded client's Credentials.
func (c *KerberosGoKrb5Client) CName() types.PrincipalName {
	creds := c.Credentials
	return creds.CName()
}
| 21 | |
// NewKerberosClient creates the Kerberos client used to obtain TGT and TGS
// tokens. It is backed by the gokrb5 library, a pure Go Kerberos client with
// some GSS-API capabilities and SPNEGO support. Kafka does not use SPNEGO; it
// uses a pure Kerberos 5 solution (RFC 4121 and RFC 4120).
//
// The Kerberos configuration is read from config.KerberosConfigPath; a load
// failure is returned unchanged and no client is built. config must be
// non-nil, since it is dereferenced immediately.
//
// NOTE(review): the loaded file presumably decides which KDCs and realms the
// client talks to, so the path should come from trusted deployment
// configuration rather than from request or user input — confirm against callers.
func NewKerberosClient(config *GSSAPIConfig) (KerberosClient, error) {
	krbConf, loadErr := krb5config.Load(config.KerberosConfigPath)
	if loadErr == nil {
		return createClient(config, krbConf)
	}
	return nil, loadErr
}
| 37 | |
// createClient builds a gokrb5 client for config.Username in config.Realm and
// wraps it as a KerberosClient.
//
// With AuthType KRB5_KEYTAB_AUTH the keytab at config.KeyTabPath is loaded and
// used as the credential; a keytab load error is returned unchanged. For every
// other AuthType value the client is built from config.Password.
//
// No login call is made in this function; it only constructs the client.
//
// NOTE(review): the password branch is the fallback for any AuthType that is
// not KRB5_KEYTAB_AUTH, including an unset or unrecognised value, so AuthType
// (and a non-empty Password) should be validated before this is reached —
// confirm that the configuration validation does so.
// NOTE(review): a keytab holds long-term keys for the principal; the file at
// KeyTabPath should be readable only by the account running the client.
func createClient(config *GSSAPIConfig, cfg *krb5config.Config) (KerberosClient, error) {
	if config.AuthType != KRB5_KEYTAB_AUTH {
		// Fallback: password-based credentials.
		pwClient := krb5client.NewClientWithPassword(config.Username,
			config.Realm, config.Password, cfg)
		return &KerberosGoKrb5Client{*pwClient}, nil
	}

	// Keytab-based credentials.
	kt, err := keytab.Load(config.KeyTabPath)
	if err != nil {
		return nil, err
	}
	ktClient := krb5client.NewClientWithKeytab(config.Username, config.Realm, kt, cfg)
	// The gokrb5 client struct is copied by value into the wrapper.
	return &KerberosGoKrb5Client{*ktClient}, nil
}