go-sasl

Implement Kerberos V5 (GSSAPI)

Open emersion opened this issue 6 years ago • 3 comments

See https://tools.ietf.org/html/rfc4752

emersion avatar Aug 14 '19 09:08 emersion

If you ever want to implement this, I suggest you do it via bindings to libgssapi.so (dynamically load it if present; if it is not present, your user is definitely not using kerberos on their machine anyway).

simo5 avatar Dec 11 '20 17:12 simo5

I'd rather not. I'd prefer to just provide the wire marshalling, define an interface, and let users implement it with whatever kerberos lib they want.

emersion avatar Dec 11 '20 17:12 emersion

Well, on the wire there isn't much going on; the meat of the SASL/GSSAPI mechanism is in calling gss_init_sec_context() repeatedly and shuffling along the binary blobs you get back. But as long as there is no intention of implementing kerberos or gssapi here, all is good :-)

Just note that there are basically three "gssapi" SASL protocols that are used: GSSAPI (traditionally on Unix-like systems), GSS-SPNEGO (very similar to GSSAPI but used for compatibility with Microsoft systems), and the new GS2 mechanism, which doesn't have wide usage as far as I know.

GSSAPI and GSS-SPNEGO are very close and can share most of the machinery; they are implemented in the same plugin in cyrus-sasl, for example.

HTH.

simo5 avatar Dec 11 '20 17:12 simo5
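
The security-layer negotiation that RFC 4752 puts on the wire once the GSS-API context is established, as an added Go example (not part of the thread and not go-sasl code). It covers only the marshalling: the function and constant names are hypothetical, and GSS_Wrap/GSS_Unwrap are assumed to come from whatever Kerberos library the caller uses.

```go
package main

import (
	"errors"
	"fmt"
)

// Security layer bits defined by RFC 4752.
const (
	LayerNone      byte = 1
	LayerIntegrity byte = 2
	LayerConf      byte = 4
)

// ParseServerOffer decodes the cleartext the client gets from GSS_Unwrap on
// the server's last token: one bitmask octet, then a 24-bit big-endian size.
func ParseServerOffer(p []byte) (layers byte, maxSize uint32, err error) {
	if len(p) != 4 {
		return 0, 0, errors.New("gssapi: server offer must be 4 octets")
	}
	layers, maxSize = p[0], uint32(p[1])<<16|uint32(p[2])<<8|uint32(p[3])
	if layers&(LayerIntegrity|LayerConf) == 0 && maxSize != 0 {
		return 0, 0, errors.New("gssapi: buffer size without a security layer")
	}
	return layers, maxSize, nil
}

// BuildClientReply encodes the client's choice plus the authorization identity;
// the caller passes the result to GSS_Wrap in its own GSS-API library.
func BuildClientReply(offered, chosen byte, maxRecv uint32, authzid string) ([]byte, error) {
	valid := chosen == LayerNone || chosen == LayerIntegrity || chosen == LayerConf
	if !valid || offered&chosen == 0 || maxRecv > 0xFFFFFF {
		return nil, errors.New("gssapi: invalid layer choice or receive size")
	}
	if chosen == LayerNone {
		maxRecv = 0 // no layer in use: advertise a zero receive size
	}
	hdr := []byte{chosen, byte(maxRecv >> 16), byte(maxRecv >> 8), byte(maxRecv)}
	return append(hdr, authzid...), nil
}

func main() {
	// Constructed sample offer: all three layers, 4096-byte server buffer.
	layers, _, _ := ParseServerOffer([]byte{0x07, 0x00, 0x10, 0x00})
	reply, err := BuildClientReply(layers, LayerNone, 0, "alice")
	fmt.Printf("% x %v\n", reply, err)
}
```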