feat: randomize kerberos password at boot

2026-03-26 04:15:31 -05:00 · 2025-02-16 17:46:41 -05:00 · 2025-02-16 17:46:41 -05:00 · fe3bedefc9
commit fe3bedefc9
parent e114f48d4b
1 changed files with 8 additions and 5 deletions
--- a/init.go
+++ b/init.go
@ -1,6 +1,7 @@
 package main

 import (
+	"crypto/rand"
 	"fmt"
 	"os"
 	"strconv"
@ -29,7 +30,6 @@ func init() {
 	}

 	postgresURI := os.Getenv("PN_PIKMIN3_POSTGRES_URI")
-	kerberosPassword := os.Getenv("PN_PIKMIN3_KERBEROS_PASSWORD")
 	authenticationServerPort := os.Getenv("PN_PIKMIN3_AUTHENTICATION_SERVER_PORT")
 	secureServerHost := os.Getenv("PN_PIKMIN3_SECURE_SERVER_HOST")
 	secureServerPort := os.Getenv("PN_PIKMIN3_SECURE_SERVER_PORT")
@ -42,12 +42,15 @@ func init() {
 		os.Exit(0)
 	}

-	if strings.TrimSpace(kerberosPassword) == "" {
-		globals.Logger.Warningf("PN_PIKMIN3_KERBEROS_PASSWORD environment variable not set. Using default password: %q", globals.KerberosPassword)
-	} else {
-		globals.KerberosPassword = kerberosPassword
+	kerberosPassword := make([]byte, 0x10)
+	_, err = rand.Read(kerberosPassword)
+	if err != nil {
+		globals.Logger.Error("Error generating Kerberos password")
+		os.Exit(0)
 	}

+	globals.KerberosPassword = string(kerberosPassword)
+
 	globals.AuthenticationServerAccount = nex.NewAccount(types.NewPID(1), "Quazal Authentication", globals.KerberosPassword)
 	globals.SecureServerAccount = nex.NewAccount(types.NewPID(2), "Quazal Rendez-Vous", globals.KerberosPassword)