diff --git a/README.md b/README.md
index 4ee9395..f9c4718 100644
--- a/README.md
+++ b/README.md
@@ -87,8 +87,6 @@ All configuration options are handled via environment variables
 | Name | Description | Required |
 |---------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------|
 | `PN_FRIENDS_CONFIG_DATABASE_URI` | Fully qualified URI to your Postgres server (Example `postgres://username:password@localhost/friends?sslmode=disable`) | Yes |
-| `PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD` | The password of the authentication server user account. | Yes |
-| `PN_FRIENDS_CONFIG_SECURE_PASSWORD` | The password of the secure server user account. Used as part of the internal server data in Kerberos tickets | Yes |
 | `PN_FRIENDS_CONFIG_AES_KEY` | AES key used in tokens provided by the account server | Yes |
 | `PN_FRIENDS_CONFIG_GRPC_API_KEY` | API key for your GRPC server | No (Assumed to be an open gRPC API) |
 | `PN_FRIENDS_GRPC_SERVER_PORT` | Port for the GRPC server | Yes |
diff --git a/init.go b/init.go
index 6cb92d4..674f4d6 100644
--- a/init.go
+++ b/init.go
@@ -2,6 +2,7 @@ package main
 import (
 "cmp"
+ "crypto/rand"
 "encoding/hex"
 "fmt"
 "os"
@@ -36,8 +37,6 @@ func init() {
 postgresURI := os.Getenv("PN_FRIENDS_CONFIG_DATABASE_URI")
 databaseMaxConnectionsStr := cmp.Or(os.Getenv("PN_FRIENDS_CONFIG_DATABASE_MAX_CONNECTIONS"), "100")
- authenticationServerPassword := os.Getenv("PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD")
- secureServerPassword := os.Getenv("PN_FRIENDS_CONFIG_SECURE_PASSWORD")
 aesKey := os.Getenv("PN_FRIENDS_CONFIG_AES_KEY")
 grpcAPIKey := os.Getenv("PN_FRIENDS_CONFIG_GRPC_API_KEY")
 grpcServerPort := os.Getenv("PN_FRIENDS_GRPC_SERVER_PORT")
@@ -62,21 +61,18 @@ func init() {
 globals.DatabaseMaxConnections = databaseMaxConnections
 }
- if strings.TrimSpace(authenticationServerPassword) == "" {
- globals.Logger.Error("PN_FRIENDS_CONFIG_AUTHENTICATION_PASSWORD environment variable not set")
+ kerberosPassword := make([]byte, 0x10)
+ _, err = rand.Read(kerberosPassword)
+ if err != nil {
+ globals.Logger.Error("Error generating Kerberos password")
 os.Exit(0)
 }
- globals.AuthenticationServerAccount = nex.NewAccount(nex_types.NewPID(1), "Quazal Authentication", authenticationServerPassword)
+ globals.KerberosPassword = string(kerberosPassword)
- if strings.TrimSpace(secureServerPassword) == "" {
- globals.Logger.Error("PN_FRIENDS_CONFIG_SECURE_PASSWORD environment variable not set")
- os.Exit(0)
- }
-
- globals.SecureServerAccount = nex.NewAccount(nex_types.NewPID(2), "Quazal Rendez-Vous", secureServerPassword)
-
- globals.GuestAccount = nex.NewAccount(nex_types.NewPID(100), "guest", "MMQea3n!fsik") // * Guest account password is always the same, known to all consoles
+ globals.AuthenticationServerAccount = nex.NewAccount(nex_types.NewPID(1), "Quazal Authentication", globals.KerberosPassword)
+ globals.SecureServerAccount = nex.NewAccount(nex_types.NewPID(2), "Quazal Rendez-Vous", globals.KerberosPassword)
+ globals.GuestAccount = nex.NewAccount(nex_types.NewPID(100), "guest", "MMQea3n!fsik") // * Guest account password is always the same, known to all consoles. Only allow on the friends server
 if strings.TrimSpace(aesKey) == "" {
 globals.Logger.Error("PN_FRIENDS_CONFIG_AES_KEY environment variable not set")
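Review bot: The failure path for `rand.Read` logs a fixed string and then reaches the retained `os.Exit(0)`, so a process that could not generate its Kerberos secret ends with a success status and without the underlying error; I would log `"Error generating Kerberos password: " + err.Error()` and exit with `os.Exit(1)`. Separately, `globals.KerberosPassword = string(kerberosPassword)` puts 16 raw random bytes into a string that both server accounts now share; if anything downstream treats that value as text (logging, serialisation; not visible here), `hex.EncodeToString(kerberosPassword)` with the already-imported `encoding/hex` keeps the same entropy in printable form. Because the secret is regenerated on every start, tickets derived from it presumably stop validating after a restart or across separate instances, which deserves a comment above the `rand.Read` call. `init()` begins and continues outside this hunk.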