The package extends Go's HTTP Transport allowing Kerberos authentication through Negotiate mechanism (see RFC4559).
Internally it is implemented by wrapping 2 libraries: gokrb5 on Linux and sspi on Windows.
There is no pre-authenticaion yet, so the library assumes you have Kerberos ticket obtained.
Linux implementation requires MIT or Heimdal Kerberos to be present. Windows implementation utilizes credentials of currently logged in user.
Currently it allows only to make HTTP calls, no server side support yet.
go get github.com/MarshallWace/go-spnego
import "github.com/MarshallWace/go-spnego"
...
c := &http.Client{
Transport: &spnego.Transport{},
}
resp, err := c.Get("http://kerberized.service.com/")
To set normal http.Transport
options:
import "github.com/MarshallWace/go-spnego"
...
c := &http.Client{
Transport: &spnego.Transport{
Transport: http.Transport{
DisableCompression: true,
},
},
}
Windows: no configuration options.
Linux:
KRB5_CONFIG
- path to configuration file in MIT Kerberos format. Default is/etc/krb5.conf
.KRB5CCNAME
- path to credential cache in the form type:residual. OnlyFILE:
type is supported. Default isFILE:/tmp/krb5cc_$(id -u)