Features
- Server Side
  - HTTP handler wrapper implements SPNEGO Kerberos authentication
  - HTTP handler wrapper decodes Microsoft AD PAC authorization data
- Client Side
  - Client that can authenticate to an SPNEGO Kerberos authenticated web service
- General
  - Kerberos libraries for custom integration
  - Parsing Keytab files
  - Parsing krb5.conf files
  - Parsing client credentials cache files such as `/tmp/krb5cc_$(id -u $(whoami))`
Implemented Encryption & Checksum Types
| Implementation | Encryption ID | Checksum ID | RFC |
|---|---|---|---|
| des3-cbc-sha1-kd | 16 | 12 | 3961 |
| aes128-cts-hmac-sha1-96 | 17 | 15 | 3962 |
| aes256-cts-hmac-sha1-96 | 18 | 16 | 3962 |
| aes128-cts-hmac-sha256-128 | 19 | 19 | 8009 |
| aes256-cts-hmac-sha384-192 | 20 | 20 | 8009 |
| rc4-hmac | 23 | -138 | 4757 |
Capabilities
- Interaction with KDCs that implement PA-FX-FAST.
- Support for users whose accounts require pre-authentication using PA-ENC-TIMESTAMP.
- Microsoft PAC Authorization Data is processed and exposed in the HTTP request context. This is available if Microsoft Active Directory is used as the KDC.