New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/gunnarbeutner/gssapi

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/gunnarbeutner/gssapi

  • v0.0.0-20190924124357-0032aa41cf1d
  • Source
  • Go
  • Socket score
Version published
Created
Source

gssapi

License ReportCard Build Coverage GoDoc

The gssapi package is a Golang wrapper around RFC 2743, the Generic Security Services Application Programming Interface. (GSSAPI)

Uses

We use it to authenticate clients with our authentication server. Clients talk to a Kerberos or Active Directory Domain Controller to retrieve a Kerberos service ticket, which we verify with a keytab on our authentication server.

When a user logs into Kerberos using kinit, they get a Kerberos TGT. During Kerberos authentication, that TGT is used to retrieve a Service Ticket from the Domain Controller. GSSAPI lets us authenticate without having to know where or in what form the TGT is stored. Because each operating system vendor might move that, this package wraps your system GSSAPI implementation.

What do you use it for? Let us know!

Building

This library is go get compatible. However, it also requires header files to build against the GSSAPI C library on your platform.

Golang needs to be able to find a gcc compiler (and one which is recent enough to support gccgo). If the system compiler isn't gcc, then use CC in environ to point the Golang build tools at your gcc. (LLVM's clang does not work and Golang's diagnostics if it encounters clang are to spew a lot of apparently-unrelated errors from trying to use it anyway).

On MacOS, the default headers are too old; you can use newer headers for building but still use the normal system libraries.

  • FreeBSD: export CC=gcc48; go install
  • MacOS: brew install homebrew/dupes/heimdal --without-x11
  • Ubuntu: see apt-get in test/docker/client/Dockerfile

Testing

Tests in the main gssapi repository can be run using the built-in go test.

To run an integrated test against a live Heimdal Kerberos Domain Controller, cd test and bring up Docker, (or boot2docker). Then, run ./run-heimdal.sh. This will run some go tests using three Docker images: a client, a service, and a domain controller. The service will receive a generated keytab file, and the client will point to the domain controller for authentication.

NOTE: to run Docker tests, your GOROOT environment variable MUST be set.

TODO

See our TODO doc on stuff you can do to help. We welcome contributions!

Verified platforms

We've tested that we can authenticate against:

  • Heimdal Kerberos
  • Active Directory

We suspect we can authenticate against:

  • MIT Kerberos

We definitely cannot authenticate with:

  • Windows clients (because Windows uses SSPI instead of GSSAPI as the library interface)

FAQs

Package last updated on 24 Sep 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

38% of CISOs Fear They’re Not Moving Fast Enough on AI

Security News

38% of CISOs Fear They’re Not Moving Fast Enough on AI

CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.

By Sarah Gooding  -  Feb 04, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc