Recently, I came across a maintained pure-go kerberos client and server [0].
I am now in the process of adding SPNEGO authentication to the Go
avatica client [1].
For the implementation, the plan is to make it as close to the official
(java) client's implementation as possible. For SPNEGO, to Java client
uses these 2 parameters: principal and keytab.
The keytab parameter is easy to understand: a path to a keytab file.
I'd like to confirm what a valid string for the principal looks like.
- Is it a Service Principal Name?
- What are the valid formats for the principal? A valid SPN looks like
User1/User2@realm.
- For the above example, I am assuming user2 can be optional.
- Can the realm be optional?
Cheers,
Francis
[0] https://github.com/jcmturner/gokrb5
[1] https://github.com/Boostport/avatica
