Compare commits
No commits in common. "21e66f1d0b35a293cf600c4f62df93e2bb803790" and "bc75accce73c94d1d1a7e74c030083ab78ffee97" have entirely different histories.
21e66f1d0b
...
bc75accce7
5 changed files with 31 additions and 29 deletions
|
|
@ -12,4 +12,6 @@ FROM scratch
|
||||||
COPY --from=builder /checker-kerberos /checker-kerberos
|
COPY --from=builder /checker-kerberos /checker-kerberos
|
||||||
USER 65534:65534
|
USER 65534:65534
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
||||||
|
CMD ["/checker-kerberos", "-healthcheck"]
|
||||||
ENTRYPOINT ["/checker-kerberos"]
|
ENTRYPOINT ["/checker-kerberos"]
|
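Review bot: The added `HEALTHCHECK` runs `/checker-kerberos -healthcheck`, but nothing in this section shows where that flag is handled. It presumably arrives with the checker-sdk-go bump to v1.5.0 in the same comparison; if the binary does not recognise the flag, the container would be reported unhealthy permanently, so the two changes have to ship together. The probe presumably contacts the listener on port 8080, so it should follow the configured listen address: the README advises binding the listener to a private interface, and a probe fixed to one address would then fail. A short comment above the instruction would help the next maintainer, e.g. `# Exec form on purpose: the scratch image has no shell, so the binary probes itself.`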
||||||
|
|
|
||||||
|
|
@ -59,4 +59,4 @@ KDC over the network as part of an authenticated round-trip. It is
|
||||||
meant to run on a trusted network, reachable only by the happyDomain
|
meant to run on a trusted network, reachable only by the happyDomain
|
||||||
instance that drives it. Restrict access via a reverse proxy with
|
instance that drives it. Restrict access via a reverse proxy with
|
||||||
authentication, a network ACL, or by binding the listener to a private
|
authentication, a network ACL, or by binding the listener to a private
|
||||||
interface — do not expose it directly to the public internet.
|
interface; do not expose it directly to the public internet.
|
||||||
|
|
|
||||||
|
|
@ -12,31 +12,31 @@ import (
|
||||||
// Rule codes emitted by the kerberos rules. Keep these stable; UI / metrics
|
// Rule codes emitted by the kerberos rules. Keep these stable; UI / metrics
|
||||||
// may match on them.
|
// may match on them.
|
||||||
const (
|
const (
|
||||||
CodeSRVOK = "kerberos.srv.ok"
|
CodeSRVOK = "kerberos.srv.ok"
|
||||||
CodeNoSRV = "kerberos.srv.missing"
|
CodeNoSRV = "kerberos.srv.missing"
|
||||||
CodeKDCReachableOK = "kerberos.kdc.reachable"
|
CodeKDCReachableOK = "kerberos.kdc.reachable"
|
||||||
CodeKDCUnreachable = "kerberos.kdc.unreachable"
|
CodeKDCUnreachable = "kerberos.kdc.unreachable"
|
||||||
CodeKDCPartial = "kerberos.kdc.partial"
|
CodeKDCPartial = "kerberos.kdc.partial"
|
||||||
CodeASProbeOK = "kerberos.as.ok"
|
CodeASProbeOK = "kerberos.as.ok"
|
||||||
CodeASProbeFailed = "kerberos.as.failed"
|
CodeASProbeFailed = "kerberos.as.failed"
|
||||||
CodeASWrongRealm = "kerberos.as.wrong_realm"
|
CodeASWrongRealm = "kerberos.as.wrong_realm"
|
||||||
CodeASRepNoPreauth = "kerberos.as.no_preauth"
|
CodeASRepNoPreauth = "kerberos.as.no_preauth"
|
||||||
CodeClockSkewOK = "kerberos.clock_skew.ok"
|
CodeClockSkewOK = "kerberos.clock_skew.ok"
|
||||||
CodeClockSkewBad = "kerberos.clock_skew.bad"
|
CodeClockSkewBad = "kerberos.clock_skew.bad"
|
||||||
CodeEnctypesStrong = "kerberos.enctypes.strong"
|
CodeEnctypesStrong = "kerberos.enctypes.strong"
|
||||||
CodeEnctypesWeakOnly = "kerberos.enctypes.weak_only"
|
CodeEnctypesWeakOnly = "kerberos.enctypes.weak_only"
|
||||||
CodeEnctypesMixed = "kerberos.enctypes.mixed"
|
CodeEnctypesMixed = "kerberos.enctypes.mixed"
|
||||||
CodeEnctypesUnknown = "kerberos.enctypes.unknown"
|
CodeEnctypesUnknown = "kerberos.enctypes.unknown"
|
||||||
CodeKadminDown = "kerberos.kadmin.unreachable"
|
CodeKadminDown = "kerberos.kadmin.unreachable"
|
||||||
CodeKadminOK = "kerberos.kadmin.ok"
|
CodeKadminOK = "kerberos.kadmin.ok"
|
||||||
CodeKpasswdDown = "kerberos.kpasswd.unreachable"
|
CodeKpasswdDown = "kerberos.kpasswd.unreachable"
|
||||||
CodeKpasswdOK = "kerberos.kpasswd.ok"
|
CodeKpasswdOK = "kerberos.kpasswd.ok"
|
||||||
CodeAuthSkipped = "kerberos.auth.skipped"
|
CodeAuthSkipped = "kerberos.auth.skipped"
|
||||||
CodeAuthTGTOK = "kerberos.auth.tgt_ok"
|
CodeAuthTGTOK = "kerberos.auth.tgt_ok"
|
||||||
CodeAuthTGTFail = "kerberos.auth.tgt_fail"
|
CodeAuthTGTFail = "kerberos.auth.tgt_fail"
|
||||||
CodeAuthTGSOK = "kerberos.auth.tgs_ok"
|
CodeAuthTGSOK = "kerberos.auth.tgs_ok"
|
||||||
CodeAuthTGSFail = "kerberos.auth.tgs_fail"
|
CodeAuthTGSFail = "kerberos.auth.tgs_fail"
|
||||||
CodeAuthTGSSkipped = "kerberos.auth.tgs_skipped"
|
CodeAuthTGSSkipped = "kerberos.auth.tgs_skipped"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Rules returns the full list of CheckRules exposed by the Kerberos checker.
|
// Rules returns the full list of CheckRules exposed by the Kerberos checker.
|
||||||
|
|
|
||||||
2
go.mod
2
go.mod
|
|
@ -3,7 +3,7 @@ module git.happydns.org/checker-kerberos
|
||||||
go 1.25.0
|
go 1.25.0
|
||||||
|
|
||||||
require (
|
require (
|
||||||
git.happydns.org/checker-sdk-go v1.3.0
|
git.happydns.org/checker-sdk-go v1.5.0
|
||||||
github.com/jcmturner/gofork v1.7.6
|
github.com/jcmturner/gofork v1.7.6
|
||||||
github.com/jcmturner/gokrb5/v8 v8.4.4
|
github.com/jcmturner/gokrb5/v8 v8.4.4
|
||||||
)
|
)
|
||||||
|
|
|
||||||
4
go.sum
4
go.sum
|
|
@ -1,5 +1,5 @@
|
||||||
git.happydns.org/checker-sdk-go v1.3.0 h1:FG2kIhlJCzI0m35EhxSgn4UWc9M4ha6aZTeoChu4l7A=
|
git.happydns.org/checker-sdk-go v1.5.0 h1:5uD5Cm6xJ+lwnhbJ09iCXGHbYS9zRh+Yh0NeBHkAPBY=
|
||||||
git.happydns.org/checker-sdk-go v1.3.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
|
git.happydns.org/checker-sdk-go v1.5.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
|
|
||||||