Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 20 |
1 files changed, 14 insertions, 6 deletions
@@ -14,8 +14,7 @@ import (
 type PwmanServer struct {
 LdapInfo *LdapInfo
 PwnedDBFile string
- Krb5Conf string
- ChangePwScript string
+ Krb5Conf *Krb5Conf
 RemoteUserHeader string
 BasePath string
 LogoutUrl string
@@ -26,17 +25,26 @@ var pwman *PwmanServer
 const csrf_base = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._#%!&:;?+{}[]"
 func main() {
- var ldapServer, ldapUser, ldapPassword, pwnedFile, krb5Conf, changePwScript, csrfSecret, serverAddr, basePath, logoutUrl string
+ var ldapServer, ldapUser, ldapPassword, pwnedFile, krb5Principal, krb5Keytab, krb5Realm, csrfSecret, serverAddr, basePath, logoutUrl string
 var ldapPort int
 var ldapSkipSSLVerify, csrfInsecure, gennerateCsrfKey bool
+
+ // LDAP
 flag.StringVar(&ldapServer, "ldap-server", "localhost", "the ldap server address")
 flag.IntVar(&ldapPort, "ldap-port", 636, "the ldap server port")
 flag.BoolVar(&ldapSkipSSLVerify, "ldap-ssl-skip-verify", false, "Should the ssl certificate of the ldap server be verfied")
 flag.StringVar(&ldapUser, "ldap-user", "cn=admin,dc=nordu,dc=net", "An ldap user that can change user attributes")
 flag.StringVar(&ldapPassword, "ldap-password", "", "Ldap user password")
+
+ // PWNED
 flag.StringVar(&pwnedFile, "pwned", "./pwned/pwned-passwords-ordered.txt", "Path to the pwned passwords list")
- flag.StringVar(&krb5Conf, "krb5-config", "./krb5.conf", "Path to kerberos config file")
- flag.StringVar(&changePwScript, "changepw-script", "./scripts/create-kdc-principal.pl", "Path to the change password script")
+
+ // KRB5
+ flag.StringVar(&krb5Principal, "krb5-principal", "pwman", "The kerberos principal pwman should use for changes")
+ flag.StringVar(&krb5Keytab, "krb5-keytab", "keytabs/pwman.keytab", "The kerberos keytab that pwman should use")
+ flag.StringVar(&krb5Realm, "krb5-realm", "NORDU.NET", "The kerberos realm to use")
+
+ // PWMAN
 flag.StringVar(&csrfSecret, "csrf-secret", "", "Specify csrf 32 char secret")
 flag.StringVar(&serverAddr, "address", ":3000", "Server address to listen on")
 flag.StringVar(&basePath, "base-path", "", "A base path that pwman lives under e.g. /sso")
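Review bot: The `krb5-keytab` default `keytabs/pwman.keytab` is a relative path, so which keytab is loaded depends on the working directory the service is started from, and nothing in the visible part of `main` checks the file before it is handed to `Krb5Conf` in the next hunk. A keytab is a long-term credential for the principal, so I would make the default absolute (or require the flag) and fail at startup when the file is missing or readable by group or others, e.g. `if fi, err := os.Stat(krb5Keytab); err != nil || fi.Mode().Perm()&0077 != 0 { log.Fatalf("krb5 keytab %q missing or too permissive", krb5Keytab) }` once the flags are parsed. The same applies to empty `-krb5-principal` / `-krb5-realm` values, which the third hunk passes into `Krb5Conf` unchecked. `main` continues outside this hunk and the import block is not shown, so such a check may already exist there and `os`/`log` may need importing.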
@@ -55,12 +63,12 @@ func main() {
 }
 ldapInfo := &LdapInfo{Server: ldapServer, Port: ldapPort, SSLSkipVerify: ldapSkipSSLVerify, User: ldapUser, Password: ldapPassword}
+ krb5Conf := &Krb5Conf{Principal: krb5Principal, Keytab: krb5Keytab, Realm: krb5Realm}
 pwman = &PwmanServer{
 LdapInfo: ldapInfo,
 PwnedDBFile: pwnedFile,
 Krb5Conf: krb5Conf,
- ChangePwScript: changePwScript,
 RemoteUserHeader: "X-Remote-User",
 BasePath: basePath,
 LogoutUrl: logoutUrl, |