jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0
729 stars 249 forks

Support for non-file credential caches #427

Open jake-scott opened 3 years ago

jake-scott commented 3 years ago

Other libraries make use of credential cache types other than FILE:, for example KCM or KEYRING.

If there is appetite for inclusion, I would be happy to contribute support.
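The cache types named in this issue are selected through the `KRB5CCNAME` value, which MIT krb5 writes as `TYPE:residual`. As an added example (not gokrb5 code and not from any commenter), this Go code classifies such a value so a caller can tell when a file-only loader cannot open the cache; `CCacheName`, `ParseCCacheName` and `FileBacked` are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// CCacheName is a parsed KRB5CCNAME value (hypothetical type for this example).
type CCacheName struct {
	Type     string // FILE, DIR, KEYRING, KCM, MEMORY, ...
	Residual string // type-specific remainder after the first colon
	Anchor   string // KEYRING only: named anchor, empty if none was given
}

// Anchor names MIT krb5 documents for KEYRING:<anchor>:<name>.
var keyringAnchors = map[string]bool{
	"process": true, "thread": true, "session": true, "user": true, "persistent": true,
}

// ParseCCacheName splits a KRB5CCNAME value into cache type and residual.
func ParseCCacheName(v string) (CCacheName, error) {
	i := strings.Index(v, ":")
	if v == "" || i == 0 {
		return CCacheName{}, fmt.Errorf("invalid credential cache name %q", v)
	}
	// No prefix, or a one-letter prefix (a drive letter): treat as a file path.
	if i == -1 || i == 1 {
		return CCacheName{Type: "FILE", Residual: v}, nil
	}
	n := CCacheName{Type: v[:i], Residual: v[i+1:]}
	if n.Type == "KEYRING" {
		if j := strings.Index(n.Residual, ":"); j > 0 && keyringAnchors[n.Residual[:j]] {
			n.Anchor = n.Residual[:j]
		}
	}
	return n, nil
}

// FileBacked reports whether the cache can be opened directly as a single file.
func (n CCacheName) FileBacked() bool { return n.Type == "FILE" }

func main() {
	// Constructed sample values.
	for _, v := range []string{"/tmp/krb5cc_1000", "FILE:/tmp/krb5cc_1000", "KEYRING:persistent:1000", "KCM:"} {
		n, err := ParseCCacheName(v)
		fmt.Printf("%-26s type=%-8s anchor=%-11q file=%v err=%v\n", v, n.Type, n.Anchor, n.FileBacked(), err)
	}
}
```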

jake-scott commented 3 years ago

See #426 for a suggestion on how to implement this.

martamatos commented 3 years ago

Hi @jake-scott, just out of curiosity have you had any progress on this? I'm also trying to use a KEYRING cache these days and would like to stick to this library :)

chlunde commented 3 years ago

I had to expose ParsePrincipal and ParseCredential to use Linux krb5 ccache in the kernel keyring (and https://github.com/jsipprell/keyctl/pull/5). So I wonder if the API you suggest would support this, @jake-scott.

        // Empty version 4 ccache to receive the parsed credential.
        c := new(credentials.CCache)
        c.Version = 4
        p := 0 // read offset into the keyring payload
        var endian binary.ByteOrder = binary.BigEndian

        // Fetch the raw TGT credential bytes from the kernel keyring.
        cache, err := LookupTGT()
        if err != nil {
                log.Fatalf("could not find TGT in keyring cache: %v", err)
        }
        cred, err := credentials.ParseCredential(cache, &p, c, &endian)
        if err != nil {
                log.Fatalf("could not login client: %v", err)
        }

        c.Credentials = append(c.Credentials, cred)

29x10 commented 2 years ago

Any update on this request?

m-vinc commented 1 year ago

Hey! I just worked on a way to do this and wrote a little PoC. Honestly, I don't know if this is the best way to do this, but it seems to work! Here is my PoC and my fork of gokrb5, which implements the function to parse credentials from what we get from the Linux keyring.