Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/joanlopez/kerberos-devenv
Kerberos development environment based on Docker Compose
- Host: GitHub
- URL: https://github.com/joanlopez/kerberos-devenv
- Owner: joanlopez
- Created: 2023-11-16T14:56:37.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-12T14:45:26.000Z (about 1 year ago)
- Last Synced: 2023-12-12T15:46:50.310Z (about 1 year ago)
- Language: Go
- Size: 22.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# kerberos-devenv
[Kerberos](https://en.wikipedia.org/wiki/Kerberos_(protocol)) development environment based on [Docker Compose](https://docs.docker.com/compose/).
## Overview
The setup is composed of the following containers:
- `kerberos-server`: the Kerberos server, defined in [Dockerfile.server](Dockerfile.server), with
configuration and the [kadm5.acl](kadm5.acl) ACL rules, which runs the [krb5kdc-init.sh](krb5kdc-init.sh) script to initialize
the Kerberos database and register some principals (user and service), and has [start.sh](start.sh) as its entrypoint.
- `kerberos-client`: the Kerberos client, defined in [Dockerfile.client](Dockerfile.client), which also relies on
[krb5.conf](krb5.conf) configuration, and has the `krb5-user` package installed, so you can use the `kinit` and `klist` commands.
_It's configured to run endlessly (`tail -f /dev/null`), so you can `sh` into it to play with these commands._
- `apache-server`: the HTTP service available at `http.example.com`, based on [Apache](https://httpd.apache.org/),
defined in [Dockerfile.apache](Dockerfile.apache), which also relies on [krb5.conf](krb5.conf) configuration, and its
service is [configured to use Kerberos auth](apache-kerberos.conf), with credentials defined in [http.keytab](http.keytab).
- `go-app`: a simple Go application, defined in [Dockerfile.app](Dockerfile.app), which also relies on [krb5.conf](krb5.conf)
configuration, that uses [github.com/jcmturner/gokrb5](https://github.com/jcmturner/gokrb5) library to authenticate against
the Kerberos server and perform a request against the HTTP service. _It's configured to run endlessly (`tail -f /dev/null`),
so you can `sh` into it to play with these commands._
## Usage
1. Clone this repository: `git clone https://github.com/joanlopez/kerberos-devenv.git`
2. Build the Docker images: `docker-compose build`
3. Start the Docker containers: `docker-compose up -d`
## Technical details:
- **Realm:** EXAMPLE.COM
- **Domain:** example.com
- **Example user principal:** testuser (_testpwd_)
- **HTTP service principal:** HTTP/http.example.com (_httppwd_)
## FAQs
### How can I test the Kerberos authentication?
1. Log in to the Kerberos client container: `docker-compose exec kerberos-client sh`
2. Ask for a Kerberos ticket: `kinit testuser`
3. Provide the password (`testpwd`) when asked
4. Check the ticket: `klist`
### How can I register a new user principal?
1. Log in to the Kerberos server container: `docker-compose exec kerberos-server sh`
2. Run: `/usr/sbin/kadmin.local -q "add_principal -pw -kvno 1 "`
   1. Find an example in the [krb5kdc-init.sh](krb5kdc-init.sh) script.
### How can I register a new service principal?
1. Log in to the Kerberos server container: `docker-compose exec kerberos-server sh`
2. Run: `/usr/sbin/kadmin.local -q "add_principal -pw -kvno 1 "`
   1. Find an example in the [krb5kdc-init.sh](krb5kdc-init.sh) script.
### How can I generate a keytab file?
1. Log in to the Kerberos server container: `docker-compose exec kerberos-server sh`
2. Run: `/usr/sbin/kadmin.local -q "ktadd -norandkey -k @"`
   1. For instance: `/usr/sbin/kadmin.local -q "ktadd -norandkey -k /tmp/http.keytab HTTP/[email protected]"`
### How can I run the Go application?
1. Log in to the Go application container: `docker-compose exec go-app sh`
2. Run the binary: `./main`
   1. It should dump out a (successful) HTTP response from the Apache server.
### How can I see the Kerberos server logs?
1. Log in to the Kerberos server container: `docker-compose exec kerberos-server sh`
2. Explore the log file: `/var/log/krb5kdc.log`
   1. For instance: `cat /var/log/krb5kdc.log`