{"id":20038046,"url":"https://github.com/perfectlysoft/perfect-spnego","last_synced_at":"2025-08-21T22:16:26.670Z","repository":{"id":69670152,"uuid":"81244324","full_name":"PerfectlySoft/Perfect-SPNEGO","owner":"PerfectlySoft","description":"A general Server Side Swift library that implements SPNEGO mechanism.","archived":false,"fork":false,"pushed_at":"2018-02-09T17:35:21.000Z","size":23,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-25T12:02:01.709Z","etag":null,"topics":["gss","gssapi","kerberos","spnego"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PerfectlySoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-07T19:13:29.000Z","updated_at":"2019-04-25T17:50:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"a7ee684f-9a7c-4a22-ba74-48bfb6c67528","html_url":"https://github.com/PerfectlySoft/Perfect-SPNEGO","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/PerfectlySoft/Perfect-SPNEGO","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-SPNEGO","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-SPNEGO/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-SPNEGO/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-SPNEGO/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PerfectlySoft","download_url":"https://codeload.github.com/PerfectlySoft/Perfect-SPNEGO/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerfectlySoft%2FPerfect-SPNEGO/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271553091,"owners_count":24779820,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gss","gssapi","kerberos","spnego"],"created_at":"2024-11-13T10:24:59.930Z","updated_at":"2025-08-21T22:16:26.644Z","avatar_url":"https://github.com/PerfectlySoft.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Perfect-SPNEGO [简体中文](README.zh_CN.md)\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"http://perfect.org/get-involved.html\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://perfect.org/assets/github/perfect_github_2_0_0.jpg\" alt=\"Get Involed with Perfect!\" width=\"854\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/PerfectlySoft/Perfect\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_1_Star.jpg\" alt=\"Star Perfect On Github\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"http://stackoverflow.com/questions/tagged/perfect\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/perfect_gh_button_2_SO.jpg\" alt=\"Stack Overflow\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"https://twitter.com/perfectlysoft\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_3_twit.jpg\" alt=\"Follow Perfect on Twitter\" /\u003e\n    \u003c/a\u003e  \n    \u003ca href=\"http://perfect.ly\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://www.perfect.org/github/Perfect_GH_button_4_slack.jpg\" alt=\"Join the Perfect Slack\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://developer.apple.com/swift/\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Swift-3.0-orange.svg?style=flat\" alt=\"Swift 3.0\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://developer.apple.com/swift/\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Platforms-OS%20X%20%7C%20Linux%20-lightgray.svg?style=flat\" alt=\"Platforms OS X | Linux\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://perfect.org/licensing.html\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/License-Apache-lightgrey.svg?style=flat\" alt=\"License Apache\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://twitter.com/PerfectlySoft\" target=\"_blank\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Twitter-@PerfectlySoft-blue.svg?style=flat\" alt=\"PerfectlySoft Twitter\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://perfect.ly\" target=\"_blank\"\u003e\n        \u003cimg src=\"http://perfect.ly/badge.svg\" alt=\"Slack Status\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\nThis project provides a general server library which provides SPNEGO mechanism.\n\nThis package builds with Swift Package Manager and is part of the [Perfect](https://github.com/PerfectlySoft/Perfect) project.\n\nEnsure you have installed and activated the latest Swift 3.0 tool chain.\n\n### Before Start\n\nPerfect SPNEGO is aiming on a general application of Server Side Swift, so it could be plugged into *ANY* servers, such as HTTP / FTP / SSH, etc.\n\nAlthough it supports Perfect HTTP server natively, it could be applied to any other Swift servers as well.\n\nBefore attaching to any actual server applications, please make sure your server has been already configured with Kerberos V5.\n\n### Xcode Build Note\n\nIf you would like to use Xcode to build this project, please make sure to pass proper linker flags to the Swift Package Manager:\n\n```\n$ swift package -Xlinker -framework -Xlinker GSS generate-xcodeproj\n```\n\n### Linux Build Note\n\nA special library called libkrb5-dev is required to build this project:\n\n```\n$ sudo apt-get install libkrb5-dev\n```\n\nIf your server is a KDC, then you can skip this step, otherwise please install Kerberos V5 utilities:\n\n```\n$ sudo apt-get install krb5-user\n```\n\n\n### KDC Configuration\n\nConfigure the application server's /etc/krb5.conf to your KDC. The following sample configuration shows how to connect your application server to realm `KRB5.CA` under control of a KDC named `nut.krb5.ca`:\n\n```\n[realms]\nKRB5.CA = {\n\tkdc = nut.krb5.ca\n\tadmin_server = nut.krb5.ca\n}\n[domain_realm]\n.krb5.ca = KRB5.CA\nkrb5.ca = KRB5.CA\n```\n\n### Prepare Kerberos Keys for Server\nContact to your KDC administrator to assign a `keytab` file to your application server.\n\nTake example, *SUPPOSE ALL HOSTS BELOW REGISTERED ON THE SAME DNS SERVER*:\n\n- KDC server: nut.krb5.ca\n- Application server: coco.krb5.ca\n- Application server type: HTTP\n\nIn such a case, KDC administrator shall login on `nut.krb5.ca` then perform following operation:\n\n```\nkadmin.local: addprinc -randkey HTTP/coco.krb5.ca@KRB5.CA\nkadmin.local: ktadd -k /tmp/krb5.keytab HTTP/coco.krb5.ca@KRB5.CA\n```\n\nThen please ship this krb5.keytab file securely and install on your application server `coco.krb5.ca` and move to folder `/etc`, then grant sufficient permissions to your swift application to access it.\n\n## Quick Start\n\nAdd the following dependency to your project's Package.swift file:\n\n``` swift\n.Package(url: \"https://github.com/PerfectlySoft/Perfect-SPNEGO.git\", majorVersion: 1)\n```\n\nThen import Perfect-SPNEGO to your source code:\n\n``` swift\nimport PerfectSPNEGO\n```\n\n### Connect to KDC\n\nUse the key in your default keytab `/etc/krb5.keytab` file on application server to register your application server to the KDC.\n\n``` swift\nlet spnego = try Spnego(\"HTTP@coco.krb5.ca\")\n```\n\nPlease note that the host name and protocol type *MUST* match the records listed in the keytab file.\n\n### Respond to A Spnego Challenge\n\nOnce initialized, object `spnego` could respond to the challenges. Take example, if a user is trying to connect to the application server as:\n\n```\n$ kinit rocky@KRB5.CA\n$ curl --negotiate -u : http://coco.krb5.ca\n```\n\nIn this case, the curl command would possibly send a base64 encoded challenge in the HTTP header:\n\n```\n\u003e Authorization: Negotiate YIICnQYGKwYBBQUCoIICkTCCAo2gJzAlBgkqhkiG9xIBAgI ...\n```\n\nOnce received such a challenge, you could apply this base64 string to the `spnego` object:\n```\nlet (user, response) = try spnego.accept(base64Token: \"YIICnQYGKwYBBQUCoIICkTCCAo2gJzAlBgkqhkiG9xIBAgI...\")\n```\n\nIf succeeded, the user would be \"rocky@KRB5.CA\". The variable `response` might be `nil` which indicates nothing is required to reply such a token, otherwise you should send this `response` back to the client.\n\nUp till now, your application had already got the user information and request, then the application server might decide if this user could access the objective resource or not, according to your ACL (access control list) configuration.\n\n## Further Information\nFor more information on the Perfect project, please visit [perfect.org](http://perfect.org).\n\n## Acknowledgement\n\nFor rapid development purposes, this repo includes an base64 implementation developed by Sean Starkey \u003csean@seanstarkey.com\u003e but it is subject to Perfect's future development.\n[https://github.com/SeanStarkey/base64](https://github.com/SeanStarkey/base64)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperfectlysoft%2Fperfect-spnego","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperfectlysoft%2Fperfect-spnego","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperfectlysoft%2Fperfect-spnego/lists"}