github.com/jcmturner/gokrb5

v8.4.4+incompatible
Source
Go

Version published: 2 years ago

Created: 7 years ago

Source

gokrb5

It is recommended to use the latest version:

Development will be focused on the latest major version. New features will only be targeted at this version.

Versions	Dependency Management	Import Path	Usage	Godoc	Go Report Card
	Go modules	import "github.com/jcmturner/gokrb5/v8/{sub-package}"
	gopkg.in	import "gopkg.in/jcmturner/gokrb5.v7/{sub-package}"

Go Version Support

gokrb5 may work with other versions of Go but they are not formally tested. It has been reported that gokrb5 also works with the gollvm compiler but this is not formally tested.

Features

Pure Go - no dependency on external libraries
No platform specific code
Server Side
- HTTP handler wrapper implements SPNEGO Kerberos authentication
- HTTP handler wrapper decodes Microsoft AD PAC authorization data
Client Side
- Client that can authenticate to an SPNEGO Kerberos authenticated web service
- Ability to change client's password
General
- Kerberos libraries for custom integration
- Parsing Keytab files
- Parsing krb5.conf files
- Parsing client credentials cache files such as /tmp/krb5cc_$(id -u $(whoami))

Implemented Encryption & Checksum Types

Implementation	Encryption ID	Checksum ID	RFC
des3-cbc-sha1-kd	16	12	3961
aes128-cts-hmac-sha1-96	17	15	3962
aes256-cts-hmac-sha1-96	18	16	3962
aes128-cts-hmac-sha256-128	19	19	8009
aes256-cts-hmac-sha384-192	20	20	8009
rc4-hmac	23	-138	4757

The following is working/tested:

Tested against MIT KDC (1.6.3 is the oldest version tested against) and Microsoft Active Directory (Windows 2008 R2)
Tested against a KDC that supports PA-FX-FAST.
Tested against users that have pre-authentication required using PA-ENC-TIMESTAMP.
Microsoft PAC Authorization Data is processed and exposed in the HTTP request context. Available if Microsoft Active Directory is used as the KDC.

Contributing

If you are interested in contributing to gokrb5, great! Please read the contribution guidelines.

References

Useful Links

https://en.wikipedia.org/wiki/Ciphertext_stealing#CBC_ciphertext_stealing

Thanks

Greg Hudson from the MIT Consortium for Kerberos and Internet Trust for providing useful advice.

Contributing

Thank you for your interest in contributing to gokrb5 please read the contribution guide as it should help you get started.

Known Issues

Issue	Worked around?	References
The Go standard library's encoding/asn1 package cannot unmarshal into slice of asn1.RawValue	Yes	https://github.com/golang/go/issues/17321
The Go standard library's encoding/asn1 package cannot marshal into a GeneralString	Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1	https://github.com/golang/go/issues/18832
The Go standard library's encoding/asn1 package cannot marshal into slice of strings and pass stringtype parameter tags to members	Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1	https://github.com/golang/go/issues/18834
The Go standard library's encoding/asn1 package cannot marshal with application tags	Yes
The Go standard library's x/crypto/pbkdf2.Key function uses the int type for iteraction count limiting meaning the 4294967296 count specified in https://tools.ietf.org/html/rfc3962 section 4 cannot be met on 32bit systems	Yes - using https://github.com/jcmturner/gofork/tree/master/x/crypto/pbkdf2	https://go-review.googlesource.com/c/crypto/+/85535

FAQs

What is github.com/jcmturner/gokrb5?

Package last updated on 25 Feb 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install