Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wondering if I can use this to authenticate to Active Directory #5

Open
naikrovek opened this issue Dec 26, 2023 · 3 comments
Open

Comments

@naikrovek
Copy link

This is more of a question than an issue, and discussions aren't set up on this repo or organization, so I guess I'll ask here.

Is there a way to use this to authenticate an LDAP connection to Active Directory? I'm writing a command line application in Go which interacts with an on-premise AD domain and I'd like to avoid storing secrets if I can help it. Each user already has a valid Kerberos ticket and is authenticated to AD, I just don't know how to make use of that when I want to talk to LDAP.

Thank you!

@naikrovek
Copy link
Author

I should mention that I am on MacOS.

@jake-scott
Copy link
Collaborator

jake-scott commented Jan 5, 2024

Hi - thanks for the interest. Right now the code is not in a state that it should be used in a production context .. while I'm fairly happy with the GSSAPI code, the underlying go-native Kerberos library isn't as well maintained as it needs to be. I actually started this with the same goal of providing krb auth for LDAP but never managed to spend enough time on it unfortunately. I think that the native go krb library needs some feeding and watering and/or a well supported C binding needs to exist for GSSAPI on Go to be something I would use in prod. In the mean time I wonder if mTLS is a better option for AD?..

@naikrovek
Copy link
Author

I'll look into that, thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants