#kerberos #authentication #algorithm #key #user #server

himmelblau_kerberos_crypto

Cryptography algorithms for Kerberos

2 releases

0.4.1 Jul 3, 2024
0.4.0 Jun 21, 2024

#655 in Cryptography

42 downloads per month
Used in 2 crates

AGPL-3.0

140KB
3.5K SLoC

Kerbeiros

Kerberos client

Concepts

  • KDC (Key Distribution Center): Service that distributes the tickets. The host that provides this service is also called the KDC.
  • TGS (Ticket Granting Server): Ticket used to authenticate the user against a specified service.
  • TGT (Ticket Granting Ticket): Ticket used to retrieve the TGSs from the KDC.

Examples

Asking for a TGT:

use kerbeiros::*;
use ascii::AsciiString;
use std::net::*;

// Prepare the arguments
let realm = AsciiString::from_ascii("CONTOSO.COM").unwrap();
let kdc_address = IpAddr::V4(Ipv4Addr::new(192, 168, 0, 1));
let username = AsciiString::from_ascii("Bob").unwrap();
let user_key = Key::Password("S3cr3t".to_string());

// Request the TGT
let tgt_requester = TgtRequester::new(realm, kdc_address);
let credential = tgt_requester.request(&username, Some(&user_key)).unwrap();

// Save the ticket into a Windows format file
credential.save_into_krb_cred_file("bob_tgt.krb").unwrap();

// Save the ticket into a Linux format file
credential.save_into_ccache_file("bob_tgt.ccache").unwrap();

Development

Code style

Follow the rustfmt code style.

To format code:

cargo fmt

Test

To run tests:

cargo test

lib.rs:

Kerberos crypto

Library to implement the cryptographic algorithms involved in the Kerberos protocol.

The library provides different ciphers. The ciphers are classes that implement the different algorithms. All of them implement the KerberosCipher trait.

Supported algorithms

  • RC4-HMAC
  • AES128-CTS-HMAC-SHA1-96
  • AES256-CTS-HMAC-SHA1-96
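
The supported algorithms differ in how the long-term key is derived from a password such as the Key::Password value in the TGT example. As an added illustration (not code from this crate; the names md4, rc4_hmac_key, aes_default_salt and hex are hypothetical, and MD4 is written inline only so the block runs with the standard library), this shows the RC4-HMAC derivation from RFC 4757, which uses no salt, next to the default salt that the AES string-to-key takes as an extra input:

```rust
// Added illustration, not the crate's code; names are hypothetical. MD4 per RFC 1320, std only.
fn md4(msg: &[u8]) -> [u8; 16] {
    // Pad: 0x80, zeros up to 56 mod 64, then the bit length as a little-endian u64.
    let mut data = msg.to_vec();
    data.push(0x80);
    while data.len() % 64 != 56 { data.push(0); }
    data.extend_from_slice(&((msg.len() as u64) * 8).to_le_bytes());
    let mut h: [u32; 4] = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476];
    const R3: [usize; 16] = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15];
    for block in data.chunks(64) {
        let x: Vec<u32> = block.chunks(4).map(|w| u32::from_le_bytes([w[0], w[1], w[2], w[3]])).collect();
        let (mut a, mut b, mut c, mut d) = (h[0], h[1], h[2], h[3]);
        for i in 0..48usize {
            let j = i % 16;
            // (round function, message word index, rotation, round constant)
            let (f, k, s, add): (u32, usize, u32, u32) = match i / 16 {
                0 => ((b & c) | (!b & d), j, [3, 7, 11, 19][j % 4], 0),
                1 => ((b & c) | (b & d) | (c & d), (j % 4) * 4 + j / 4, [3, 5, 9, 13][j % 4], 0x5a82_7999),
                _ => (b ^ c ^ d, R3[j], [3, 9, 11, 15][j % 4], 0x6ed9_eba1),
            };
            let t = a.wrapping_add(f).wrapping_add(x[k]).wrapping_add(add).rotate_left(s);
            a = d; d = c; c = b; b = t; // rotate the registers: (a, b, c, d) <- (d, t, b, c)
        }
        for (state, v) in h.iter_mut().zip([a, b, c, d]) { *state = state.wrapping_add(v); }
    }
    let mut out = [0u8; 16];
    for (i, v) in h.iter().enumerate() { out[i * 4..i * 4 + 4].copy_from_slice(&v.to_le_bytes()); }
    out
}

// RC4-HMAC long-term key (RFC 4757): MD4 of the UTF-16LE password. No salt, no iterations.
fn rc4_hmac_key(password: &str) -> [u8; 16] {
    let utf16le: Vec<u8> = password.encode_utf16().flat_map(|u| u.to_le_bytes()).collect();
    md4(&utf16le)
}

// Default salt for the AES string-to-key (RFC 4120): realm followed by the principal name.
fn aes_default_salt(realm: &str, user: &str) -> String {
    format!("{}{}", realm, user)
}
fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

fn main() {
    // Realm, user and password taken from the TGT example on this page.
    println!("RC4-HMAC key: {}", hex(&rc4_hmac_key("S3cr3t")));
    println!("AES salt:     {}", aes_default_salt("CONTOSO.COM", "Bob"));
}
```

Because the RC4-HMAC key depends only on the password, the same password yields the same key for every user in every realm, which is one reason to prefer the AES encryption types where the KDC allows it.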

Dependencies

~2.5–3.5MB
~65K SLoC