Version 7 API Refactor

@jcmturner jcmturner released this 26 Jan 13:53
· 104 commits to master since this release

Version 7

Version 7 is a significant refactor and review of the API.

Below are the most significant changes to the API.
Not all changes are covered here.

Client Configuration

KRB5 Configuration

In previous versions of gokrb5 a client would be created with a constructor
function and then the WithConfig function would be used to provide the krb5
configuration. In v7 the constructor takes the krb5 configuration as an argument.

cl := client.NewClientWithKeytab("username", "REALM.COM", kt, cfg)

Optional Client Settings

Previously, optional settings on the client could be made by updating field values
on the client's GoKrb5Conf, for example cl.GoKrb5Conf.DisablePAFXFast = true. In v7
these settings are provided to the constructor. For example:

cl := client.NewClientWithPassword("username", "REALM.COM", "password", cfg, client.DisablePAFXFAST(true))

Client SPNEGO

In previous versions there was a SetSPNEGOHeader method on the client.
In v7 there is a SetSPNEGOHeader function that takes a pointer to a client struct
as an argument:

err := SetSPNEGOHeader(&cl, r, "")

Service SPNEGO

In previous versions configuring an http handler to be wrapped in SPNEGO authentication
would require a service configuration struct and a logger to be passed as arguments.
In v7 the http handler, a pointer to the keytab and optional settings are passed:

spnego.SPNEGOKRB5Authenticate(inner, &kt, service.Logger(l))

GSS-API and SPNEGO

The GSS-API and SPNEGO interfaces have been fully refactored in v7.
Previously SPNEGO functionality was part of the gssapi package.
There are now separate gssapi and spnego packages.

Other Public Function and Field Changes

TGS Exchange

The TGSExchange function would generate the TGS_REQ message and then exchange
it with the KDC. In v7 this now takes the TGS_REQ message as an argument.
The new TGSREQGenerateAndExchange function is the v7 equivalent of previous
versions' TGSExchange function.

Client AddSession

In previous versions AddSession was a public method. In v7 this is now private.

Client Credentials

Many of the client credentials' fields have been made private. Public methods have
now been provided to access the values.

The functions for creating a new client credentials instance have been renamed from
credentials.NewCredentials to credentials.New and from NewCredentialsFromPrincipal
to NewFromPrincipal. This is to eliminate the stutter in the code style.

Keytab

New Keytab

The function for creating a new keytab instance has been renamed from
keytab.NewKeytab to keytab.New. This is to eliminate the
stutter in the code style.

Parsing Keytab Bytes

In previous versions a stream of bytes would be read into a keytab instance using
the keytab.Parse function. This has been replaced with an Unmarshal method
on the keytab struct.

Principal Name as String

Previously there was a GetPrincipalNameString method to return a principal name as
a string. The name of this method has been simplified to PrincipalNameString.

AP_REQ Verification

Previously the function ValidateAPREQ was available to verify an AP_REQ. As
part of achieving consistency throughout the codebase, the use of validate and
verify has been reviewed and ValidateAPREQ has been renamed VerifyAPREQ.
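
A migration aid for the renames and removals listed above, as an added example that is not part of gokrb5 or of these release notes: it parses Go source with the standard go/ast package and flags selectors that still use v6 names. Scan, renames and the sample source are names and input constructed for illustration; matching is by name only, so a hit on an unrelated WithConfig from another library is possible.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// renames (illustrative): v6 name -> v7 guidance; "pkg.Name" keys are qualified, bare keys match any selector.
var renames = map[string]string{
	"keytab.NewKeytab":       "keytab.New",
	"keytab.Parse":           "Unmarshal method on the keytab struct",
	"GetPrincipalNameString": "PrincipalNameString",
	"ValidateAPREQ":          "VerifyAPREQ",
	"WithConfig":             "pass the krb5 config to the constructor",
	"GoKrb5Conf":             "pass settings to the constructor",
}
// sample is constructed v6-style code, not taken from a real project.
const sample = `package app
func login(b []byte) {
	kt, _ := keytab.Parse(b)
	cl.WithConfig(cfg)
	cl.GoKrb5Conf.DisablePAFXFast = true
}`

// Scan lists "line: old -> new" for selectors using a v6 name (name match only).
func Scan(src string) (out []string, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			name, line := sel.Sel.Name, fset.Position(sel.Pos()).Line
			if x, ok := sel.X.(*ast.Ident); ok && renames[x.Name+"."+name] != "" {
				name = x.Name + "." + name
			}
			if to, ok := renames[name]; ok {
				out = append(out, fmt.Sprintf("%d: %s -> %s", line, name, to))
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(Scan(sample)) }
```

TGSExchange and the client constructors are left out of the table because the names still exist in v7 with changed signatures, which the compiler reports on its own.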