package sarama

import (
	krb5client "github.com/jcmturner/gokrb5/v8/client"
	krb5config "github.com/jcmturner/gokrb5/v8/config"
	"github.com/jcmturner/gokrb5/v8/keytab"
	"github.com/jcmturner/gokrb5/v8/types"
)
| 9 | |
// KerberosGoKrb5Client wraps the gokrb5 v8 client.Client by embedding it, so the
// embedded client's fields and methods are promoted onto this type.
type KerberosGoKrb5Client struct {
	krb5client.Client // embedded by value, not by pointer
}
| 13 | |
// Domain reports the domain held by the embedded client's Credentials.
//
// NOTE(review): Credentials is dereferenced without a nil check; confirm that
// every construction path leaves it populated.
func (c *KerberosGoKrb5Client) Domain() string {
	creds := c.Credentials
	return creds.Domain()
}
| 17 | |
// CName reports the client principal name held by the embedded client's
// Credentials.
//
// NOTE(review): Credentials is dereferenced without a nil check; confirm that
// every construction path leaves it populated.
func (c *KerberosGoKrb5Client) CName() types.PrincipalName {
	creds := c.Credentials
	return creds.CName()
}
| 21 | |
// NewKerberosClient builds the Kerberos client used to obtain TGT and TGS
// tokens. It relies on gokrb5, a pure-Go Kerberos 5 implementation
// (RFC 4120 and RFC 4121) with some GSS-API capabilities.
//
// The krb5 configuration is read from config.KerberosConfigPath. If loading
// fails, the error is returned unchanged and no client is created; otherwise
// construction is delegated to createClient.
//
// NOTE(review): the loaded file presumably decides which realms and KDCs the
// client talks to, so the path should point at a file that only trusted
// accounts can modify. Confirm against the deployment.
func NewKerberosClient(config *GSSAPIConfig) (KerberosClient, error) {
	krbConf, loadErr := krb5config.Load(config.KerberosConfigPath)
	if loadErr != nil {
		return nil, loadErr
	}

	return createClient(config, krbConf)
}
| 32 | |
// createClient builds a KerberosGoKrb5Client from the GSSAPI settings and an
// already-loaded krb5 configuration.
//
// When config.AuthType is KRB5_KEYTAB_AUTH the keytab at config.KeyTabPath is
// loaded and used as the credential source; a keytab load error is returned
// unchanged. Any other AuthType value falls through to password
// authentication with config.Password. In both cases config.DisablePAFXFAST
// is passed through as a client setting.
//
// Security notes for reviewers:
//   - A keytab is credential material equivalent to the principal's password;
//     the file at KeyTabPath should be readable only by the service account.
//   - Unrecognised AuthType values silently select the password path rather
//     than failing, so a misconfigured AuthType is not reported here.
func createClient(config *GSSAPIConfig, cfg *krb5config.Config) (KerberosClient, error) {
	// Password path: taken for every AuthType other than keytab auth.
	if config.AuthType != KRB5_KEYTAB_AUTH {
		pwClient := krb5client.NewWithPassword(
			config.Username,
			config.Realm,
			config.Password,
			cfg,
			krb5client.DisablePAFXFAST(config.DisablePAFXFAST),
		)
		return &KerberosGoKrb5Client{Client: *pwClient}, nil
	}

	// Keytab path: the keytab must load before a client can be built.
	kt, err := keytab.Load(config.KeyTabPath)
	if err != nil {
		return nil, err
	}
	ktClient := krb5client.NewWithKeytab(
		config.Username,
		config.Realm,
		kt,
		cfg,
		krb5client.DisablePAFXFAST(config.DisablePAFXFAST),
	)
	return &KerberosGoKrb5Client{Client: *ktClient}, nil
}