Description
The rkerberos library provides a Ruby interface for Kerberos.
Code synopsis
Some basic usage:
require 'rkerberos'
# Client
krb = Kerberos::Krb5.new
puts krb.default_realm
puts krb.default_principal
puts krb.get_permitted_enctypes.keys.join(',')
# Credentials cache
cc = Kerberos::Krb5::CredentialsCache.new
krb.verify_init_creds(nil, nil, cc)
puts cc.primary_principal
# Keytab
kt_name = Kerberos::Krb5::Keytab.new.default_name # e.g. "FILE:/etc/krb5.keytab"
krb.get_init_creds_keytab('host/server.example.com', kt_name)
krb.get_init_creds_keytab('host/server.example.com', kt_name, nil, cc) # or write to cache
# Admin
Kerberos::Kadm5.new(principal: ENV['KRB5_ADMIN_PRINCIPAL'], password: ENV['KRB5_ADMIN_PASSWORD']) do |kadmin|
  kadmin.create_principal('newuser@EXAMPLE.COM', 'initialpass')
  kadmin.set_password('newuser@EXAMPLE.COM', 'betterpass')
  kadmin.delete_principal('newuser@EXAMPLE.COM')
end
# Contexts
ctx = Kerberos::Krb5::Context.new # standard context
ctx = Kerberos::Krb5::Context.new(profile: '/etc/krb5.conf') # or use a profile
ctx = Kerberos::Krb5::Context.new(secure: true) # or use a secure context
ctx.close
Requirements
Linux
Install krb5 development libraries using your package manager. For example:
# Debian/Ubuntu
sudo apt-get install libkrb5-dev
# Fedora/RHEL
sudo dnf install krb5-devel
Then install this gem:
gem install rkerberos
or if using bundler:
bundle install
Kerberos 1.7.0 or later, including admin header and library files.
OS X
Install krb5 using homebrew:
`brew install krb5`
then install this gem using the homebrew version of krb5:
# Or '/opt/homebrew/opt/krb5' depending on your system
`gem install rkerberos -- --with-rkerberos-dir=/usr/local/opt/krb5`
or if using bundler:
`bundle config --global build.rkerberos --with-rkerberos-dir=/usr/local/opt/krb5`
`bundle install`
Testing
Prerequisites
- Ruby 3.4 or later
- Docker or Podman
- docker-compose or podman-compose
Running Tests with Docker
- Start the Kerberos and LDAP services:
docker-compose up -d
- Run the test suite:
docker-compose run --rm rkerberos-test bundle exec rspec
- Stop the services when done:
docker-compose down
Add the `--remove-orphans` switch if it's being a pain.
Running Tests with Podman
- Start the Kerberos and LDAP services:
podman-compose up -d
- Run the test suite:
podman-compose run --rm rkerberos-test
- Stop the services when done:
podman-compose down
Local Development
If you make changes to the Ruby code or C extensions:
- Rebuild the test container:
podman-compose build --no-cache rkerberos-test
- Run the tests again:
podman-compose run --rm rkerberos-test
Alternatively, you can just run containerized tests via the spec:compose
Rake task. This task runs the same containerized workflow used above and
prefers podman-compose with a docker-compose fallback.
# build image and run RSpec inside the test container
rake spec:compose
# skip the build step by passing a positional or named argument:
# (equivalent forms)
rake spec:compose[true]
rake "spec:compose[fast=true]"
The test environment includes:
- MIT Kerberos KDC (Key Distribution Center)
- OpenLDAP server for directory services
- Pre-configured test principals and keytabs
Notes
The rkerberos library is a repackaging of my custom branch of the krb5_auth library. Eventually the gem djberg96-krb5_auth will be removed from the gem index.
MIT vs Heimdal
This code was written for the MIT Kerberos library. It has not been tested with the Heimdal Kerberos library.
TODO
- Create a separate class for the replay cache.
- Better credentials cache support.
- Ability to add and delete keytab entries.
Authors
- Daniel Berger
- Dominic Cleal
- Simon Levermann
License
rkerberos is distributed under the Artistic-2.0 license.