Skip to content

structured-world/krb5-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
.github
.github
 
 
examples
examples
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.test.yml
docker-compose.test.yml
 
 

Repository files navigation

krb5-rs

Pure Rust Kerberos V5 implementation. GSSAPI, SPNEGO, PKINIT.

No C FFI. No system krb5. No libgssapi. Just cargo add krb5-rs.

Features

  • Kerberos V5 Client — TGT acquisition, service ticket requests
  • GSSAPI/SPNEGO — HTTP Negotiate authentication
  • PKINIT — X.509 certificate-based authentication
  • FAST — Flexible Authentication via Secure Tunneling
  • Credential Cache — Read/write ccache and keytab formats

Why?

MIT Kerberos and Heimdal are massive C codebases (~450K and ~620K SLOC respectively) with decades of CVEs. Every Rust project needing Kerberos auth depends on FFI bindings to these C libraries, inheriting their build complexity and security risks.

krb5-rs is a ground-up Rust implementation using rasn (ASN.1) + RustCrypto. Pure Rust, single binary, cross-compiles to musl.

Status

Pre-release. API is unstable. Not ready for production use.

RFCs

RFC Description Status
RFC 4120 Kerberos V5 core Planned
RFC 4121 GSSAPI mechanism Planned
RFC 3961 Encryption specs Planned
RFC 4556 PKINIT Planned
RFC 6113 FAST Planned

License

Apache-2.0

About

Pure Rust Kerberos V5: GSSAPI, SPNEGO, PKINIT. No C FFI, no system krb5 dependency.

Topics

rust authentication active-directory kerberos gssapi spnego pure-rust

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages