Documentation
¶
Overview ¶
Package ntlm provides NTLM/Negotiate authentication for Bifrost. It supports Windows NTLM authentication as a fallback when Kerberos is not available.
Index ¶
- func IsNTLMChallengeRequired(err error) bool
- type Authenticator
- func (a *Authenticator) Authenticate(ctx context.Context, username, password string) (*auth.UserInfo, error)
- func (a *Authenticator) GenerateChallenge(negotiateMsg []byte, sessionID string) ([]byte, error)
- func (a *Authenticator) GetDomain() string
- func (a *Authenticator) Name() string
- func (a *Authenticator) Type() string
- func (a *Authenticator) ValidateAuthenticate(authMsg []byte, sessionID string) (*auth.UserInfo, error)
- type ContextKey
- type NTLMChallengeRequired
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsNTLMChallengeRequired ¶
IsNTLMChallengeRequired checks if an error indicates NTLM challenge is required.
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator provides NTLM authentication.
func (*Authenticator) Authenticate ¶
func (a *Authenticator) Authenticate(ctx context.Context, username, password string) (*auth.UserInfo, error)
Authenticate validates NTLM credentials. For NTLM Negotiate auth, the NTLM token should be passed via context or as password. For direct auth, username should be DOMAIN\username or username@DOMAIN format, and password is the user's password.
func (*Authenticator) GenerateChallenge ¶
func (a *Authenticator) GenerateChallenge(negotiateMsg []byte, sessionID string) ([]byte, error)
GenerateChallenge generates an NTLM Type 2 (Challenge) message.
func (*Authenticator) GetDomain ¶
func (a *Authenticator) GetDomain() string
GetDomain returns the configured domain.
func (*Authenticator) Name ¶
func (a *Authenticator) Name() string
Name returns the authenticator name.
func (*Authenticator) Type ¶
func (a *Authenticator) Type() string
Type returns the authenticator type.
func (*Authenticator) ValidateAuthenticate ¶
func (a *Authenticator) ValidateAuthenticate(authMsg []byte, sessionID string) (*auth.UserInfo, error)
ValidateAuthenticate validates an NTLM Type 3 (Authenticate) message.
type ContextKey ¶
type ContextKey string
ContextKey is a type for context keys used by this package.
const ( // NTLMTokenContextKey is the context key for the NTLM token. NTLMTokenContextKey ContextKey = "ntlm_token" // NTLMChallengeContextKey is the context key for storing the NTLM challenge. NTLMChallengeContextKey ContextKey = "ntlm_challenge" )
type NTLMChallengeRequired ¶
type NTLMChallengeRequired struct {
Token []byte
}
NTLMChallengeRequired is returned when NTLM challenge-response is needed.
func (*NTLMChallengeRequired) Error ¶
func (e *NTLMChallengeRequired) Error() string
Source Files