[Question] Unauthorized after kinit

Question

[Question] Unauthorized after kinit

antonionappi88 opened this issue 2 years ago · comments

Hello,
I'm writing a small module to perform kinit and then run a OS command but it seems that i'm not able to make it working.

package main

import (
	"gopkg.in/jcmturner/gokrb5.v7/config"
	"gopkg.in/jcmturner/gokrb5.v7/client"
	//"gopkg.in/jcmturner/gokrb5.v7/spnego"
	"os/exec"
	"fmt"
	"os"
	//"net/http"
	//"bufio"

	
)

func main(){
	cfg, _ := config.Load("/etc/krb5.conf")

	cl := client.NewClientWithPassword("MYUSER","EXAMPLE.COM","MYPWD", cfg, client.DisablePAFXFAST(true))
	
	cl.Login()
	tkt, key, err := cl.GetServiceTicket("HTTP/hello.example.com")
	fmt.Println("TICKET")
	fmt.Println(tkt)
	fmt.Println("KEY")
	fmt.Println(key)
	fmt.Println(err)
	cmd := exec.Command("/usr/bin/hello_client", "hello.example.com")
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	cmd.Run()

}

but i get always Unauthorized. I couldn't see find any valid ticket in the klist command but it seems that the ticket is correct. Do you know what am I'm missing ?

Thanks

Jonathan Turner · Answer 1 · Tue Dec 06 2022 00:22:37 GMT+0800 (China Standard Time)

gokrb5 does not write the ticket out to a file that command line tools like klist and your user/bin/hello_client command would use to read them from. gokrb5 is intended for clients written in Go. If you are looking to use unix command line tools then I would recommend just using kinit instead.