History

brian m. carlson 98d237138f Bump go-spnego to the latest version This version uses a newer version of the Kerberos library, which should work better in some environments. Tidy the go.mod and go.sum files and vendor the dependencies.		2021-04-14 15:17:33 +00:00
..
go.mod	Bump go-spnego to the latest version	2021-04-14 15:17:33 +00:00
go.sum	Bump go-spnego to the latest version	2021-04-14 15:17:33 +00:00
LICENSE	go.mod: add SPNEGO modules	2019-12-09 15:35:53 +00:00
README.md	go.mod: add SPNEGO modules	2019-12-09 15:35:53 +00:00
spnego_gokrb5.go	Bump go-spnego to the latest version	2021-04-14 15:17:33 +00:00
spnego_windows.go	go.mod: add SPNEGO modules	2019-12-09 15:35:53 +00:00
spnego.go	go.mod: add SPNEGO modules	2019-12-09 15:35:53 +00:00
transport.go	go.mod: add SPNEGO modules	2019-12-09 15:35:53 +00:00

README.md

go-spnego

The package extends Go's HTTP Transport allowing Kerberos authentication through Negotiate mechanism (see RFC4559).

Internally it is implemented by wrapping 2 libraries: gokrb5 on Linux and sspi on Windows.

There is no pre-authenticaion yet, so the library assumes you have Kerberos ticket obtained.

Linux implementation requires MIT or Heimdal Kerberos to be present. Windows implementation utilizes credentials of currently logged in user.

Currently it allows only to make HTTP calls, no server side support yet.

Installation

go get github.com/dpotapov/go-spnego

Usage example

import "github.com/dpotapov/go-spnego"
...
c := &http.Client{
    Transport: &spnego.Transport{},
}

resp, err := c.Get("http://kerberized.service.com/")

Configuration

Windows: no configuration options.

Linux:

KRB5_CONFIG - path to configuration file in MIT Kerberos format. Default is /etc/krb5.conf.
KRB5CCNAME - path to credential cache in the form type:residual. Only FILE: type is supported. Default is FILE:/tmp/krb5cc_$(id -u)