password support (#5)
Sireax authored Jun 8, 2022
1 parent 2749fc9 commit 809ca31
Showing 2 changed files with 43 additions and 6 deletions.
18 changes: 18 additions & 0 deletions README.md
@@ -25,5 +25,23 @@ func init() {
}
```

You can also use keytab to log in:
```go
func init() {
pgconn.RegisterGSSProvider(func() (pgconn.GSS, error) {
return gopgkrb5.NewGSSWithKeytab("username", "DOMAIN.LOCAL", "/test.keytab")
})
}
```

or password:
```go
func init() {
pgconn.RegisterGSSProvider(func() (pgconn.GSS, error) {
return gopgkrb5.NewGSSWithPassword("username", "DOMAIN.LOCAL", "password")
})
}
```

All dependencies of [`jackc/pgconn`](https://github.com/jackc/pgconn), e.g. [`jackc/pgx`](https://github.com/jackc/pgx) will now be able to authenticate with
GSSAPI/krb5.
31 changes: 25 additions & 6 deletions krb_unix.go
@@ -26,8 +26,9 @@ import (
type GSS struct {
cli *client.Client
ktPath string
realm string
spn string
realm string
username string
password string
}

// NewGSS creates a new GSS provider.
@@ -42,10 +43,25 @@ func NewGSS() (*GSS, error) {
return g, nil
}

func NewGSSWithKeytab(spn string, realm string, ktPath string) (*GSS, error) {
func NewGSSWithKeytab(username string, realm string, ktPath string) (*GSS, error) {
g := &GSS{}
g.ktPath = ktPath
g.spn = spn
g.username = username
g.realm = realm

err := g.init()

if err != nil {
return nil, err
}

return g, nil
}

func NewGSSWithPassword(username string, realm string, password string) (*GSS, error) {
g := &GSS{}
g.password = password
g.username = username
g.realm = realm

err := g.init()
@@ -76,14 +92,17 @@ func (g *GSS) init() error {
var cl *client.Client

// If we have keytab path set, we create client from keytab
// Or if we have password set, we log in by password
// Otherwise, we use ccache file
if g.ktPath != "" {
kt, err := keytab.Load(g.ktPath)
if err != nil {
panic(err)
return err
}

cl = client.NewWithKeytab(g.spn, g.realm, kt, cfg)
cl = client.NewWithKeytab(g.username, g.realm, kt, cfg)
} else if g.password != "" {
cl = client.NewWithPassword(g.username, g.realm, g.password, cfg)
} else {
ccpath := "/tmp/krb5cc_" + u.Uid

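Review bot: In `init()`, the new `else if g.password != ""` branch picks the credential source from field emptiness, so `NewGSSWithPassword` called with an empty password (for example an unset environment variable) falls through to the `/tmp/krb5cc_<uid>` ccache branch and may authenticate as whatever principal holds a ticket there instead of failing. The same applies to `NewGSSWithKeytab` with an empty `ktPath`. Rejecting the empty value in the constructors would close this, e.g. `if password == "" { return nil, errors.New("gopgkrb5: empty password") }` before `g.init()` (this assumes `errors` is imported; the import block is not visible here). The plaintext password also stays in the `GSS` struct after `client.NewWithPassword` has taken it, so dropping `g.password` once the client is built would avoid keeping a second copy reachable for the provider's lifetime. `init()` continues past the end of the hunk, so how the ccache branch and the login are completed is not visible.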
