gokrb5
gokrb5 copied to clipboard
Pure Go Kerberos library for clients and services
Current keytab.AddEntry(..) adds salts derived from the PrincipalName. This does not work in AD for AES* since Microsoft decided to implement it differently. To deal with the issue ktutil in...
[RFC3962 (4)](https://datatracker.ietf.org/doc/html/rfc3962#section-4) stipulates that a `00 00 00 00` be changed to 2^32, which currently motivates using an int64, instead of an int, to hold its value when calling pbkdf2...
When requesting a TGT with Kerberos the `client.ASExchange()` function returns a `krberror.Krberror` which provides no way to access the original `ErrorCode`. This makes it very brittle to depend on Kerberos...
Hi hello. Although I have used a lot of time to read the source code of this repo, blog about kerberos and research the method to access hiveserver2 with kerberos,...
Hello! I have 2 question that I need your help. 1. When I use krb5, I found that the following code will cause different lengths of reqbody and reqlength during...
I have gokrb5 working for HTTP SPN authentication. I would like to create something more generic. I would like to build a proxy service which can be used for PostgreSQL...
Now, wrapToken.go only supports Wrap Tokens v2 defined in https://datatracker.ietf.org/doc/html/rfc4121#section-4.2.6 The Kerberos Version 5 GSS-API Mechanism: Version 2 for Backwards Compatibility Considerations, is should implement Wrap Tokens v1 defined in...
Fixes #428 Support parameter expansion for default_ccache_name, default_client_keytab_name and default_keytab_name. Additionally, parse krb5-config if it exists, for defaults that aren't set in krb5.conf. This should support MIT sites that use...
We had a panic problem parsing a config with one line realm configuration, like: [realms] ATHENA.MIT.EDU = { kdc = kerberos.mit.edu } panic: runtime error: slice bounds out of range...
This exposes inner errors in `Krberror` errors as a non-breaking change by making Krberror implement the `Unwrap` interface. Example: ``` err := client.Login() var krbErr messages.KRBError if errors.As(err, &krbErr) {...