Need help with gokrb5?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

jcmturner
489 Stars 131 Forks Apache License 2.0 638 Commits 36 Opened issues

Description

Pure Go Kerberos library for clients and services

Services available

!
?

Need anything else?

Contributors list

gokrb5

It is recommended to use the latest version: Version

Development will be focused on the latest major version. New features will only be targeted at this version.

| Versions | Dependency Management | Import Path | Usage | Godoc | Go Report Card | |----------|-----------------------|-------------|-------|-------|----------------| | v8 | Go modules | import "github.com/jcmturner/gokrb5/v8/{sub-package}" | Usage | GoDoc | Go Report Card | | v7 | gopkg.in | import "gopkg.in/jcmturner/gokrb5.v7/{sub-package}" | Usage | GoDoc | Go Report Card |

Go Version Support

Go version Go version

gokrb5 may work with other versions of Go but they are not formally tested. It has been reported that gokrb5 also works with the gollvm compiler but this is not formally tested.

Features

  • Pure Go - no dependency on external libraries
  • No platform specific code
  • Server Side
    • HTTP handler wrapper implements SPNEGO Kerberos authentication
    • HTTP handler wrapper decodes Microsoft AD PAC authorization data
  • Client Side
    • Client that can authenticate to an SPNEGO Kerberos authenticated web service
    • Ability to change client's password
  • General
    • Kerberos libraries for custom integration
    • Parsing Keytab files
    • Parsing krb5.conf files
    • Parsing client credentials cache files such as
      /tmp/krb5cc_$(id -u $(whoami))

Implemented Encryption & Checksum Types

| Implementation | Encryption ID | Checksum ID | RFC | |-------|-------------|------------|------| | des3-cbc-sha1-kd | 16 | 12 | 3961 | | aes128-cts-hmac-sha1-96 | 17 | 15 | 3962 | | aes256-cts-hmac-sha1-96 | 18 | 16 | 3962 | | aes128-cts-hmac-sha256-128 | 19 | 19 | 8009 | | aes256-cts-hmac-sha384-192 | 20 | 20 | 8009 | | rc4-hmac | 23 | -138 | 4757 |

The following is working/tested: * Tested against MIT KDC (1.6.3 is the oldest version tested against) and Microsoft Active Directory (Windows 2008 R2) * Tested against a KDC that supports PA-FX-FAST. * Tested against users that have pre-authentication required using PA-ENC-TIMESTAMP. * Microsoft PAC Authorization Data is processed and exposed in the HTTP request context. Available if Microsoft Active Directory is used as the KDC.

Contributing

If you are interested in contributing to gokrb5, great! Please read the contribution guidelines.


References

Useful Links

  • https://en.wikipedia.org/wiki/Ciphertextstealing#CBCciphertext_stealing

Thanks

  • Greg Hudson from the MIT Consortium for Kerberos and Internet Trust for providing useful advice.

Contributing

Thank you for your interest in contributing to gokrb5 please read the contribution guide as it should help you get started.

Known Issues

| Issue | Worked around? | References | |-------|-------------|------------| | The Go standard library's encoding/asn1 package cannot unmarshal into slice of asn1.RawValue | Yes | https://github.com/golang/go/issues/17321 | | The Go standard library's encoding/asn1 package cannot marshal into a GeneralString | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18832 | | The Go standard library's encoding/asn1 package cannot marshal into slice of strings and pass stringtype parameter tags to members | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18834 | | The Go standard library's encoding/asn1 package cannot marshal with application tags | Yes | | | The Go standard library's x/crypto/pbkdf2.Key function uses the int type for iteraction count limiting meaning the 4294967296 count specified in https://tools.ietf.org/html/rfc3962 section 4 cannot be met on 32bit systems | Yes - using https://github.com/jcmturner/gofork/tree/master/x/crypto/pbkdf2 | https://go-review.googlesource.com/c/crypto/+/85535 |

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.