package
8.4.4
Repository: https://github.com/jcmturner/gokrb5.git
Documentation: pkg.go.dev

# README

Notes on GSS-API Negotiation Mechanism

https://tools.ietf.org/html/rfc4178

The client sends an initial negotiation message to the server that lists the mechanisms the client supports, in order of decreasing preference. This message is generated with the NewNegTokenInitKrb5 method, and it specifies that only the Kerberos v5 mechanism is supported.

The RFC states that this message can optionally contain the initial mechanism token for the client's preferred mechanism (KRB5 in this case). NewNegTokenInitKrb5 includes this token in the message.

The server side responds to this message with one of four messages:

| Message Type/State | Description |
|---|---|
| accept-completed | Indicates that the initiator-selected mechanism was acceptable to the target, and that the security mechanism token embedded in the first negotiation message was sufficient to complete the authentication. |
| accept-incomplete | At least one more message is needed from the client to establish security context. |
| reject | Negotiation is being terminated. |
| request-mic | (This state can only be present in the first reply message from the target.) Indicates that the MIC token exchange is REQUIRED if per-message integrity services are available. |
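How a client might act on the four reply states listed above, as an added example that is not gokrb5's own code. It uses only the Go standard library; the `negTokenResp` type, the `nextStep` function, the action strings and the sample bytes are constructed for illustration, while the negState numbers and the Kerberos V5 OID are the values defined in RFC 4178 and RFC 4121.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// negState values defined by RFC 4178.
const (
	acceptCompleted asn1.Enumerated = iota
	acceptIncomplete
	reject
	requestMIC
)

// Kerberos V5 mechanism OID: the only mechanism the client offered.
var krb5OID = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}

// negTokenResp (hypothetical name) mirrors NegTokenResp; default:-1 keeps an absent negState from decoding as 0.
type negTokenResp struct {
	NegState      asn1.Enumerated       `asn1:"explicit,optional,default:-1,tag:0"`
	SupportedMech asn1.ObjectIdentifier `asn1:"explicit,optional,tag:1"`
	ResponseToken []byte                `asn1:"explicit,optional,tag:2"`
	MechListMIC   []byte                `asn1:"explicit,optional,tag:3"`
}

// nextStep decodes the server reply; reject, missing and unknown states fail closed.
func nextStep(reply []byte) (string, error) {
	r := negTokenResp{NegState: -1}
	rest, err := asn1.UnmarshalWithParams(reply, &r, "explicit,tag:1")
	if err != nil || len(rest) != 0 {
		return "", fmt.Errorf("malformed NegTokenResp")
	}
	if len(r.SupportedMech) > 0 && !r.SupportedMech.Equal(krb5OID) {
		return "", fmt.Errorf("server chose a mechanism that was not offered")
	}
	switch r.NegState {
	case acceptCompleted:
		return "context-established", nil
	case acceptIncomplete:
		return "send-next-token", nil
	case requestMIC:
		return "exchange-mic", nil
	}
	return "", fmt.Errorf("negotiation failed: negState %d", r.NegState)
}

// Constructed sample: a NegTokenResp carrying only negState = accept-completed.
var sample = []byte{0xa1, 0x07, 0x30, 0x05, 0xa0, 0x03, 0x0a, 0x01, 0x00}

func main() { fmt.Println(nextStep(sample)) }
```

The check on `SupportedMech` and the `-1` default both make the client fail closed: a reply that names a mechanism the client never offered, or that omits negState, is treated as a failed negotiation rather than as accept-completed.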

# Functions

NewContextFlags creates a new ContextFlags instance. DEPRECATED - do not use.
NewInitiatorMICToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.
NewInitiatorWrapToken builds a new initiator token (acceptor flag will be set to 0) and computes the authenticated checksum.

# Constants

GSS-API context flags assigned numbers.
FillerByte is a filler in the WrapToken structure.
HdrLen is the length of the Wrap Token's header.
MICTokenFlagAcceptorSubkey - a subkey asserted by the context acceptor is used to protect the message.
MICTokenFlagSealed - this flag indicates confidentiality is provided for.
MICTokenFlagSentByAcceptor - this flag indicates the sender is the context acceptor.
Indicates the client cannot get a service ticket and asks the server to serve as an intermediate to the target KDC.
MechType OID for Kerberos 5.
GSS-API OID names.
GSS-API status values.

# Structs

MICToken represents a GSS API MIC token, as defined in RFC 4121.
Status is the GSS-API status and implements the error interface.
WrapToken represents a GSS API Wrap token, as defined in RFC 4121.

# Interfaces

ContextToken is an interface for a GSS-API context token.
Mechanism is the GSS-API interface for authentication mechanisms.

# Type aliases

ContextFlags flags for GSSAPI. DEPRECATED - do not use.
OIDName is the type for defined GSS-API OIDs.