[39401] in Kerberos
Re: How to get Kerberos token for proxy authentication
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Thu Mar 21 11:50:17 2024
Message-Id: <202403211549.42LFnrb3019859@hedwig.cmf.nrl.navy.mil>
To: Thomas Kula <kula@tproa.net>
cc: kerberos@mit.edu
In-Reply-To: <ZfxRGUGVIIXJ42x+@gozer.tproa.net>
MIME-Version: 1.0
Date: Thu, 21 Mar 2024 11:49:54 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>Are you familiar with https://github.com/jcmturner/gokrb5? I've used it
>in the past with some experiments in some Go code I was working on, I
>wasn't touching GSSAPI but there's at least some GSSAPI code in there.
>Might be worth checking out as it's native Go code, no cgo wrapping.
I would caution you that if you are targeting MacOS X as a platform, one
of the most important things is integration with the native credential
cache format (especially if you are assuming your credentials are being
acquired as part of the single signon process). On MacOS X the default
credential cache uses a RPC mechanism to talk to a daemon process (and
that has actually changed to a DIFFERENT RPC service in more recent
versions of MacOS X). My brief look at gokrb5 suggests that it only
supports the FILE credential cache type.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
