{"id":13509701,"url":"https://github.com/netauth/netauth","last_synced_at":"2026-01-22T14:58:21.538Z","repository":{"id":27271041,"uuid":"113138247","full_name":"netauth/netauth","owner":"netauth","description":"The NetAuth service itself.","archived":false,"fork":false,"pushed_at":"2025-08-13T04:40:24.000Z","size":1303,"stargazers_count":74,"open_issues_count":5,"forks_count":9,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-13T06:29:05.016Z","etag":null,"topics":["authentication-service","golang","netauth","secure-access"],"latest_commit_sha":null,"homepage":"https://netauth.org","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netauth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-05T05:44:16.000Z","updated_at":"2025-08-13T04:40:20.000Z","dependencies_parsed_at":"2024-06-18T16:43:40.275Z","dependency_job_id":"2d27cd56-bc37-4a29-9e9a-9433e22f6db5","html_url":"https://github.com/netauth/netauth","commit_stats":null,"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/netauth/netauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netauth%2Fnetauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netauth%2Fnetauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netauth%2Fnetauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netauth%2Fnetauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netauth","download_url":"https://codeload.github.com/netauth/netauth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netauth%2Fnetauth/sbom","scorecard":{"id":680601,"data":{"date":"2025-08-11","repo":{"name":"github.com/netauth/netauth","commit":"5a87f903c73dbbebfd4b03a1dc4bbaaed85233a6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":1,"reason":"Found 4/29 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":4,"reason":"5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/netauth/netauth/release.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:8","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:7"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.6.4 not signed: https://api.github.com/repos/netauth/netauth/releases/239548530","Warn: release artifact v0.6.2 not signed: https://api.github.com/repos/netauth/netauth/releases/147113191","Warn: release artifact v0.6.1 not signed: https://api.github.com/repos/netauth/netauth/releases/68503777","Warn: release artifact v0.6.0 not signed: https://api.github.com/repos/netauth/netauth/releases/56648710","Warn: release artifact v0.5.0 not signed: https://api.github.com/repos/netauth/netauth/releases/45820329","Warn: release artifact v0.6.4 does not have provenance: https://api.github.com/repos/netauth/netauth/releases/239548530","Warn: release artifact v0.6.2 does not have provenance: https://api.github.com/repos/netauth/netauth/releases/147113191","Warn: release artifact v0.6.1 does not have provenance: https://api.github.com/repos/netauth/netauth/releases/68503777","Warn: release artifact v0.6.0 does not have provenance: https://api.github.com/repos/netauth/netauth/releases/56648710","Warn: release artifact v0.5.0 does not have provenance: https://api.github.com/repos/netauth/netauth/releases/45820329"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0470 / GHSA-9w9f-6mg8-jp7w"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T23:00:28.188Z","repository_id":27271041,"created_at":"2025-08-21T23:00:28.188Z","updated_at":"2025-08-21T23:00:28.188Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28664810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T14:01:31.714Z","status":"ssl_error","status_checked_at":"2026-01-22T13:59:23.143Z","response_time":144,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication-service","golang","netauth","secure-access"],"created_at":"2024-08-01T02:01:11.729Z","updated_at":"2026-01-22T14:58:21.511Z","avatar_url":"https://github.com/netauth.png","language":"Go","funding_links":[],"categories":["Go","golang"],"sub_categories":[],"readme":"NetAuth\n=======\nNetAuth is a network identity and authentication provider.  It allows\nyou to have one user account that is available to a lot of different\nmachines.\n\nThe ultimate goal is to have a small service which could live in a\nsmall VM and provide fleet wide authentication and identity services\nfor a small fleet of machines.\n\nWhat Does it Do?\n----------------\n\nIf you're familiar with LDAP and Kerberos, you can skip down to the\nnext section, NetAuth is an implementation of the services that LDAP\nand Kerberos can provide for a network, but with a much smaller scope\nand certain assumptions.\n\nNetAuth provides two key components: a limited directory of user\ninformation, and a secrets store.  The directory provides the most\ncritical information about an entitiy such as the ID, numeric ID,\nname, etc.  What NetAuth does NOT provide is a general purpose\ndirectory.  That is something which is not really in scope for a small\nauthentication service and is implemented exceptionally well by the\nLDAP standard.  If you want such a server you should really setup\nLDAP, which you could either use for authentication (something it was\nnot designed for) or use it as a directory that just contains\ninformation.  If you need to authenticate your access to LDAP it would\nnot be too difficult to back up LDAP into NetAuth, but this\nfunctionality is left as an exercise to the reader.\n\nFor identity NetAuth provides a fairly standard password verification\nsystem that is not unlike that used by a website login system.  The\nuser's password is sent via a secure channel to the NetAuth server\nwhere it is validated against a hashed copy.  If the password checks\nout, then NetAuth will return a success message to the calling client.\nIn failure cases NetAuth will return a message to the client\nexplaining the failure.\n\nWhy is this written in Go?\n--------------------------\n\nI like Go and it works well with protobuf without needing the host\noperating system to have good support on its own.  Its not the most\nideal language for interfacing with PAM or nsswitch, but for writing\nservers that work with gRPC its quite nice.\n\nWhy does this communicate using gRPC and not my favorite protocol?\n------------------------------------------------------------------\n\nI like the RPC paradigm, it works well for what I am trying to achieve\nhere and can work without any real thought about the transport.  gRPC\nspecifically is capable of working in an environment where the only\noutbound connection allowed is HTTP, which is a core design goal of\nthis project.  While it is a binary protocol, the protobuf definition\nis public and this will let you do all the normal things such as\ndebugging with wireshark (assuming you have the appropriate security\nsettings in place to observe HTTPS traffic).\n\nHow do I hook up other things to NetAuth?\n-----------------------------------------\n\nThere are several systems available to plug in to NetAuth.  For Linux\nhosts you can use\n[pam_netauth](https://github.com/netauth/pam_netauth) and\n[nsscache](https://github.com/netauth/nsscache).  If you want to pull\nssh keys, then you probably want\n[netkeys](https://github.com/netauth/netkeys).\n\nIf you use Okta, you'll probably be interested in the\n[Okta Plugin](https://github.com/netauth/plugin-okta) which can\nautomatically mirror your NetAuth entities and groups into Okta.\n\nOther modules are coming, if you want to help out, reach out in\n`#netauth-dev` on Libera.\n\nWhy wouldn't you use LDAP and Kerberos?  Why did you build this?\n----------------------------------------------------------------\n\nI managed a network that used LDAP and Kerberos for a number of years.\nThese are some incredible technologies and I quite enjoyed the feature\nsets they provide.  The problem though is that LDAP is a slimmed down\nversion of a protocol so complex it could never be implemented (the\nDAP), and Kerberos is a protocol that makes certain assumptions about\nthe state of the network and the services that are available.  Both\nLDAP and Kerberos require tooling to interact with and as far and wide\nas I have searched, I have found no good tooling that allows one to\ninteract with the two as a single identity management platform (likely\nbecause they aren't).\n\nWhile I am a die-hard FOSS supporter and contributor, Microsoft's\nActive Directory is by my book the gold standard of tooling for\nmanaging an authentication and identity provider.  It is intuitive,\nall-in-one and most importantly, it makes the underlying LDAP and\nKerberos servers behave as a single virtual service.  I thought long\nand hard about whether or not I wanted to just build a frontend to\nLDAP and Kerberos to handle the managerial tasks, but I came to the\nconclusion that if I was going to write software from the ground up, I\nwould like to just rebuild the entire stack as a slimmed down version\nthat would do exactly what I wanted.  If nothing else I will gain a\nstrong appreciation for the work done by the developers of Kerberos\nand LDAP.\n\nIf I was still managing networks with thousands of users I would\nprobably still stand up LDAP and Kerberos.  If I needed a directory of\narbitrary information, LDAP is still my first stop.  If I needed to do\nvery novel and interesting crypto to secure the network fabric I would\nstill use Kerberos.  For simple authentication on my home network or\non the Open Source projects I'm involved in, however, these\ntechnologies are overkill.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetauth%2Fnetauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetauth%2Fnetauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetauth%2Fnetauth/lists"}