search

jcmturner / gokrb5

Pure Go Kerberos library for clients and services
Apache License 2.0
723 stars 245 forks source link

[Question] Unauthorized after kinit #485

Closed antonionappi88 closed 1 year ago

antonionappi88 commented 2 years ago

Hello, I'm writing a small module to perform kinit and then run a OS command but it seems that i'm not able to make it working.

package main

import (
    "gopkg.in/jcmturner/gokrb5.v7/config"
    "gopkg.in/jcmturner/gokrb5.v7/client"
    //"gopkg.in/jcmturner/gokrb5.v7/spnego"
    "os/exec"
    "fmt"
    "os"
    //"net/http"
    //"bufio"

)

func main(){
    cfg, _ := config.Load("/etc/krb5.conf")

    cl := client.NewClientWithPassword("MYUSER","EXAMPLE.COM","MYPWD", cfg, client.DisablePAFXFAST(true))

    cl.Login()
    tkt, key, err := cl.GetServiceTicket("HTTP/hello.example.com")
    fmt.Println("TICKET")
    fmt.Println(tkt)
    fmt.Println("KEY")
    fmt.Println(key)
    fmt.Println(err)
    cmd := exec.Command("/usr/bin/hello_client", "hello.example.com")
    cmd.Stdout = os.Stdout
    cmd.Stderr = os.Stderr
    cmd.Run()

}

but i get always Unauthorized. I couldn't see find any valid ticket in the klist command but it seems that the ticket is correct. Do you know what am I'm missing ?

Thanks

jcmturner commented 1 year ago

gokrb5 does not write the ticket out to a file that command line tools like klist and your user/bin/hello_client command would use to read them from. gokrb5 is intended for clients written in Go. If you are looking to use unix command line tools then I would recommend just using kinit instead.