Releases: jcmturner/gokrb5
Releases · jcmturner/gokrb5
Client thread safety
- Client thread safety
Server referral support for client
Client now supports server type referrals: https://tools.ietf.org/html/rfc6806.html#section-8
Fix Credentials struct bug
v1.1.3 resolves #25
Accept Legacy KRB5 SPNEGO OID
Resolves issue #22
Imports for gopkg.in/jcmturner/gokrb5.v1
Updated imports to be based from gopkg.in/jcmturner/gokrb5.v1
krb5 config duration parsing
Handle all formats for durations in krb5.conf as listed here: https://web.mit.edu/kerberos/krb5-latest/doc/basic/date_format.html#duration
Import aescts from external pkg
Import aescts from external pkg
First release
Features
- Server Side
- HTTP handler wrapper implements SPNEGO Kerberos authentication
- HTTP handler wrapper decodes Microsoft AD PAC authorization data
- Client Side
- Client that can authenticate to an SPNEGO Kerberos authenticated web service
- General
- Kerberos libraries for custom integration
- Parsing Keytab files
- Parsing krb5.conf files
- Parsing client credentials cache files such as
/tmp/krb5cc_$(id -u $(whoami))
Implemented Encryption & Checksum Types
| Implementation | Encryption ID | Checksum ID | RFC |
|---|---|---|---|
| des3-cbc-sha1-kd | 16 | 12 | 3961 |
| aes128-cts-hmac-sha1-96 | 17 | 15 | 3962 |
| aes256-cts-hmac-sha1-96 | 18 | 16 | 3962 |
| aes128-cts-hmac-sha256-128 | 19 | 19 | 8009 |
| aes256-cts-hmac-sha384-192 | 20 | 20 | 8009 |
| rc4-hmac | 23 | -138 | 4757 |
Capabilities
- Interaction with KDCs that implement PA-FX-FAST.
- Support for users that have pre-authentication required using PA-ENC-TIMESTAMP.
- Microsoft PAC Authorization Data is processed and exposed in the HTTP request context. Available if Microsoft Active Directory is used as the KDC.