{"id":20282190,"url":"https://github.com/ubccr/kerby","last_synced_at":"2025-04-11T07:58:22.045Z","repository":{"id":57492012,"uuid":"35293833","full_name":"ubccr/kerby","owner":"ubccr","description":"Go wrapper for Kerberos GSSAPI","archived":false,"fork":false,"pushed_at":"2024-01-09T19:49:41.000Z","size":24,"stargazers_count":35,"open_issues_count":14,"forks_count":17,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-25T05:36:18.410Z","etag":null,"topics":["go","golang","gssapi","kerberos"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ubccr.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-05-08T17:57:19.000Z","updated_at":"2025-01-19T16:58:07.000Z","dependencies_parsed_at":"2024-06-18T17:22:06.081Z","dependency_job_id":null,"html_url":"https://github.com/ubccr/kerby","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fkerby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fkerby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fkerby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ubccr%2Fkerby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ubccr","download_url":"https://codeload.github.com/ubccr/kerby/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248360107,"owners_count":21090651,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","gssapi","kerberos"],"created_at":"2024-11-14T14:08:29.116Z","updated_at":"2025-04-11T07:58:22.002Z","avatar_url":"https://github.com/ubccr.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"===============================================================================\nKerby - Go wrapper for Kerberos GSSAPI \n===============================================================================\n\n|godoc|\n\nThis is a port of the PyKerberos library in Go. The main motivation for this\nlibrary was to provide HTTP client authentication using Kerberos. The khttp\npackage provides a transport that authenticates all outgoing requests using\nSPNEGO (negotiate authentication) http://tools.ietf.org/html/rfc4559.\n\nThe C code is adapted from PyKerberos http://calendarserver.org/wiki/PyKerberos.\n\n------------------------------------------------------------------------\nUsage\n------------------------------------------------------------------------\n\nNote: You need the have the krb5-libs/GSSAPI packages installed for your OS.\n\nInstall using go tools::\n\n    $ go get github.com/ubccr/kerby\n\nTo run the unit tests you must have a valid Kerberos setup on the test machine\nand you should ensure that you have valid Kerberos tickets (run 'klist' on the\ncommand line). If you're authentication using a client keytab file you can\noptionally export the env variable KRB5_CLIENT_KTNAME::\n\n    $ export KRB5_CLIENT_KTNAME=/path/to/client.keytab\n    $ export KERBY_TEST_SERVICE=\"service@REALM\"\n    $ export KERBY_TEST_PRINC=\"princ@REALM\"\n    $ go test\n\nExample HTTP Kerberos client authentication using a client keytab file::\n\n    package main\n\n    import (\n        \"fmt\"\n        \"io/ioutil\"\n        \"bytes\"\n        \"net/http\"\n\n        \"github.com/ubccr/kerby/khttp\"\n    )\n\n    func main() {\n        payload := []byte(`{\"method\":\"hello_world\"}`)\n        req, err := http.NewRequest(\n            \"POST\",\n            \"https://server.example.com/json\",\n            bytes.NewBuffer(payload))\n\n        req.Header.Set(\"Content-Type\", \"application/json\")\n\n        t := \u0026khttp.Transport{\n            KeyTab: \"/path/to/client.keytab\",\n            Principal: \"principal@REALM\"}\n\n        client := \u0026http.Client{Transport: t}\n\n        res, err := client.Do(req)\n        if err != nil {\n            panic(err)\n        }\n        defer res.Body.Close()\n\n        data, err := ioutil.ReadAll(res.Body)\n        if err != nil {\n            panic(err)\n        }\n\n        fmt.Printf(\"%d\\n\", res.StatusCode)\n        fmt.Printf(\"%s\", data)\n    }\n\nExample HTTP handler supporting Kerberose authentication::\n\n    func handler(w http.ResponseWriter, req *http.Request) {\n        authReq := strings.Split(req.Header.Get(authorizationHeader), \" \")\n        if len(authReq) != 2 || authReq[0] != negotiateHeader {\n            w.Header().Set(wwwAuthenticateHeader, negotiateHeader)\n            http.Error(w, \"Invalid authorization header\", http.StatusUnauthorized)\n            return\n        }\n\n        ks := new(kerby.KerbServer)\n        err := ks.Init(\"\")\n        if err != nil {\n            log.Printf(\"KerbServer Init Error: %s\", err.Error())\n            http.Error(w, err.Error(), http.StatusInternalServerError)\n            return\n        }\n        defer ks.Clean()\n\n\n        err = ks.Step(authReq[1])\n        w.Header().Set(wwwAuthenticateHeader, negotiateHeader+\" \"+ks.Response())\n\n        if err != nil {\n            log.Printf(\"KerbServer Step Error: %s\", err.Error())\n            http.Error(w, err.Error(), http.StatusUnauthorized)\n            return\n        }\n\n        user := ks.UserName()\n        fmt.Fprintf(w, \"Hello, %s\", user)\n    }\n\nExample adding Kerberos authentication to an http.FileServer using khttp.Handler::\n\n    package main\n\n    import (\n        \"github.com/ubccr/kerby/khttp\"\n        \"log\"\n        \"net/http\"\n    )\n\n    func main() {\n        http.Handle(\"/\", khttp.Handler(http.FileServer(http.Dir(\"/tmp\"))))\n        log.Fatal(http.ListenAndServe(\":8000\", nil))\n    }\n\n------------------------------------------------------------------------\nLicense\n------------------------------------------------------------------------\n\nKerby is released under the Apache 2.0 License. See the LICENSE file.\n\n\n\n.. |godoc| image:: https://godoc.org/github.com/golang/gddo?status.svg\n    :target: https://godoc.org/github.com/ubccr/kerby\n    :alt: Godoc\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fubccr%2Fkerby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fubccr%2Fkerby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fubccr%2Fkerby/lists"}