Skip to content

Wraps gokrb5 and sspi libraries to provide cross-platform way to make HTTP calls with Kerberos authentication

License

Notifications You must be signed in to change notification settings

MarshallWace/go-spnego

 
 

Repository files navigation

go-spnego

The package extends Go's HTTP Transport allowing Kerberos authentication through Negotiate mechanism (see RFC4559).

Internally it is implemented by wrapping 2 libraries: gokrb5 on Linux and sspi on Windows.

There is no pre-authenticaion yet, so the library assumes you have Kerberos ticket obtained.

Linux implementation requires MIT or Heimdal Kerberos to be present. Windows implementation utilizes credentials of currently logged in user.

Currently it allows only to make HTTP calls, no server side support yet.

Installation

go get github.com/MarshallWace/go-spnego

Usage example

import "github.com/MarshallWace/go-spnego"
...
c := &http.Client{
    Transport: &spnego.Transport{},
}

resp, err := c.Get("http://kerberized.service.com/")

To set normal http.Transport options:

import "github.com/MarshallWace/go-spnego"
...
c := &http.Client{
        Transport: &spnego.Transport{
                Transport: http.Transport{
                        DisableCompression: true,
                },
        },
}

Configuration

Windows: no configuration options.

Linux:

  • KRB5_CONFIG - path to configuration file in MIT Kerberos format. Default is /etc/krb5.conf.
  • KRB5CCNAME - path to credential cache in the form type:residual. Only FILE: type is supported. Default is FILE:/tmp/krb5cc_$(id -u)

About

Wraps gokrb5 and sspi libraries to provide cross-platform way to make HTTP calls with Kerberos authentication

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 100.0%