Name | Date | Size | #Lines | LOC
---|---|---|---|---
asn1tools/ | 18-Nov-2020 | - | 87 | 49
client/ | 18-Nov-2020 | - | 2,753 | 2,360
config/ | 18-Nov-2020 | - | 1,676 | 1,444
credentials/ | 18-Nov-2020 | - | 1,083 | 884
crypto/ | 18-Nov-2020 | - | 2,670 | 1,983
examples/ | 18-Nov-2020 | - | 533 | 429
gssapi/ | 18-Nov-2020 | - | 1,012 | 762
iana/ | 18-Nov-2020 | - | 564 | 473
kadmin/ | 18-Nov-2020 | - | 274 | 229
keytab/ | 18-Nov-2020 | - | 783 | 654
krberror/ | 18-Nov-2020 | - | 92 | 70
messages/ | 18-Nov-2020 | - | 3,145 | 2,737
pac/ | 18-Nov-2020 | - | 1,431 | 1,179
service/ | 18-Nov-2020 | - | 912 | 761
spnego/ | 18-Nov-2020 | - | 1,932 | 1,627
test/ | 18-Nov-2020 | - | 233 | 203
types/ | 18-Nov-2020 | - | 1,258 | 993
README.md | 18-Nov-2020 | 7 KiB | 95 | 76
USAGE.md | 18-Nov-2020 | 9.8 KiB | 246 | 216
go.mod | 18-Nov-2020 | 420 | 16 | 13
go.sum | 18-Nov-2020 | 3.6 KiB | 41 | 40
gokrb5.go | 18-Nov-2020 | 562 | 29 | 1

README.md

# gokrb5

It is recommended to use the latest version: [![Version](https://img.shields.io/github/release/jcmturner/gokrb5.svg)](https://github.com/jcmturner/gokrb5/releases)

Development will be focused on the latest major version. New features will only be targeted at this version.

| Versions | Dependency Management | Import Path | Usage | Godoc | Go Report Card |
|----------|-----------------------|-------------|-------|-------|----------------|
| [![v8](https://github.com/jcmturner/gokrb5/workflows/v8/badge.svg)](https://github.com/jcmturner/gokrb5/actions?query=workflow%3Av8) | Go modules | import "github.com/jcmturner/gokrb5/v8/{sub-package}" | [![Usage](https://img.shields.io/badge/v8-usage-blue)](https://github.com/jcmturner/gokrb5/blob/master/v8/USAGE.md) | [![GoDoc](https://img.shields.io/badge/godoc-reference-blue)](https://pkg.go.dev/github.com/jcmturner/gokrb5/v8) | [![Go Report Card](https://goreportcard.com/badge/github.com/jcmturner/gokrb5/v8)](https://goreportcard.com/report/github.com/jcmturner/gokrb5/v8) |
| [![v7](https://github.com/jcmturner/gokrb5/workflows/v7/badge.svg)](https://github.com/jcmturner/gokrb5/actions?query=workflow%3Av7) | gopkg.in | import "gopkg.in/jcmturner/gokrb5.v7/{sub-package}" | [![Usage](https://img.shields.io/badge/v7-usage-blue)](https://github.com/jcmturner/gokrb5/blob/master/USAGE.md) | [![GoDoc](https://img.shields.io/badge/godoc-reference-blue)](https://pkg.go.dev/github.com/jcmturner/gokrb5@v7.5.0+incompatible) | [![Go Report Card](https://goreportcard.com/badge/gopkg.in/jcmturner/gokrb5.v7)](https://goreportcard.com/report/gopkg.in/jcmturner/gokrb5.v7) |


#### Go Version Support
![Go version](https://img.shields.io/badge/Go-1.15-brightgreen.svg)
![Go version](https://img.shields.io/badge/Go-1.14-brightgreen.svg)

gokrb5 may work with other versions of Go but they are not formally tested.
It has been reported that gokrb5 also works with the [gollvm](https://go.googlesource.com/gollvm/) compiler but this is not formally tested.

## Features
* **Pure Go** - no dependency on external libraries
* No platform specific code
* Server Side
  * HTTP handler wrapper implements SPNEGO Kerberos authentication
  * HTTP handler wrapper decodes Microsoft AD PAC authorization data
* Client Side
  * Client that can authenticate to an SPNEGO Kerberos authenticated web service
  * Ability to change client's password
* General
  * Kerberos libraries for custom integration
  * Parsing Keytab files
  * Parsing krb5.conf files
  * Parsing client credentials cache files such as `/tmp/krb5cc_$(id -u $(whoami))`

#### Implemented Encryption & Checksum Types

| Implementation | Encryption ID | Checksum ID | RFC |
|-------|-------------|------------|------|
| des3-cbc-sha1-kd | 16 | 12 | 3961 |
| aes128-cts-hmac-sha1-96 | 17 | 15 | 3962 |
| aes256-cts-hmac-sha1-96 | 18 | 16 | 3962 |
| aes128-cts-hmac-sha256-128 | 19 | 19 | 8009 |
| aes256-cts-hmac-sha384-192 | 20 | 20 | 8009 |
| rc4-hmac | 23 | -138 | 4757 |


The following is working/tested:
* Tested against MIT KDC (1.6.3 is the oldest version tested against) and Microsoft Active Directory (Windows 2008 R2)
* Tested against a KDC that supports PA-FX-FAST.
* Tested against users that have pre-authentication required using PA-ENC-TIMESTAMP.
* Microsoft PAC Authorization Data is processed and exposed in the HTTP request context. Available if Microsoft Active Directory is used as the KDC.

## Contributing
If you are interested in contributing to gokrb5, great! Please read the [contribution guidelines](https://github.com/jcmturner/gokrb5/blob/master/CONTRIBUTING.md).

---

## References
* [RFC 3244 Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols](https://tools.ietf.org/html/rfc3244)
* [RFC 4120 The Kerberos Network Authentication Service (V5)](https://tools.ietf.org/html/rfc4120)
* [RFC 3961 Encryption and Checksum Specifications for Kerberos 5](https://tools.ietf.org/html/rfc3961)
* [RFC 3962 Advanced Encryption Standard (AES) Encryption for Kerberos 5](https://tools.ietf.org/html/rfc3962)
* [RFC 4121 The Kerberos Version 5 GSS-API Mechanism](https://tools.ietf.org/html/rfc4121)
* [RFC 4178 The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism](https://tools.ietf.org/html/rfc4178.html)
* [RFC 4559 SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows](https://tools.ietf.org/html/rfc4559.html)
* [RFC 4757 The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows](https://tools.ietf.org/html/rfc4757)
* [RFC 6806 Kerberos Principal Name Canonicalization and Cross-Realm Referrals](https://tools.ietf.org/html/rfc6806.html)
* [RFC 6113 A Generalized Framework for Kerberos Pre-Authentication](https://tools.ietf.org/html/rfc6113.html)
* [RFC 8009 AES Encryption with HMAC-SHA2 for Kerberos 5](https://tools.ietf.org/html/rfc8009)
* [IANA Assigned Kerberos Numbers](http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml)
* [HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol - Part 1](https://msdn.microsoft.com/en-us/library/ms995329.aspx)
* [HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol - Part 2](https://msdn.microsoft.com/en-us/library/ms995330.aspx)
* [Microsoft PAC Validation](https://blogs.msdn.microsoft.com/openspecification/2009/04/24/understanding-microsoft-kerberos-pac-validation/)
* [Microsoft Kerberos Protocol Extensions](https://msdn.microsoft.com/en-us/library/cc233855.aspx)
* [Windows Data Types](https://msdn.microsoft.com/en-us/library/cc230273.aspx)

### Useful Links
* https://en.wikipedia.org/wiki/Ciphertext_stealing#CBC_ciphertext_stealing

## Thanks
* Greg Hudson from the MIT Consortium for Kerberos and Internet Trust for providing useful advice.

## Contributing
Thank you for your interest in contributing to gokrb5. Please read the
[contribution guide](https://github.com/jcmturner/gokrb5/blob/master/CONTRIBUTING.md), as it should help you get started.

## Known Issues
| Issue | Worked around? | References |
|-------|-------------|------------|
| The Go standard library's encoding/asn1 package cannot unmarshal into slice of asn1.RawValue | Yes | https://github.com/golang/go/issues/17321 |
| The Go standard library's encoding/asn1 package cannot marshal into a GeneralString | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18832 |
| The Go standard library's encoding/asn1 package cannot marshal into slice of strings and pass stringtype parameter tags to members | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18834 |
| The Go standard library's encoding/asn1 package cannot marshal with application tags | Yes | |
| The Go standard library's x/crypto/pbkdf2.Key function uses the int type for the iteration count, so the 4294967296 count specified in https://tools.ietf.org/html/rfc3962 section 4 cannot be met on 32-bit systems | Yes - using https://github.com/jcmturner/gofork/tree/master/x/crypto/pbkdf2 | https://go-review.googlesource.com/c/crypto/+/85535 |