Kerberos Proxy Authentication Library

A header-only C++ library that provides Kerberos authentication functionality for HTTP proxy authentication scenarios.

Dependencies

# Debian
sudo apt-get install libkrb5-dev libssl-dev

# CentOS/RHEL
sudo yum install krb5-devel openssl-devel

Installation

The library is header-only, so you can simply include it in your project. To install for system-wide use, you can build and install it using CMake:

mkdir build
cd build
cmake ..
make
sudo make install

Usage

CMake Integration

To use this library in your CMake project, add the following to your CMakeLists.txt:

find_package(kerberos_proxy_auth REQUIRED)
target_link_libraries(your_target PRIVATE kerberos_proxy_auth::kerberos_proxy_auth)

# Or with pkg-config
find_package(PkgConfig REQUIRED)
pkg_check_modules(KERBEROS_PROXY_AUTH REQUIRED kerberos_proxy_auth)
target_link_libraries(your_target PRIVATE ${KERBEROS_PROXY_AUTH_LIBRARIES})
target_include_directories(your_target PRIVATE ${KERBEROS_PROXY_AUTH_INCLUDE_DIRS})

Basic Usage Example

#include <kerberos_proxy_auth.hpp>
#include <iostream>

int main() {
    try {
        // Acquire default Kerberos credentials
        auto credentials = kerberos_proxy_auth::Credentials::getDefault();

        // Or acquire credentials with username and password
        // auto credentials = kerberos_proxy_auth::Credentials::get("username@domain.com", "password");

        // Create authenticator with the credentials
        kerberos_proxy_auth::Authenticator auth(credentials);

        // Start authentication with proxy host
        auto token = auth.start("proxy.example.com");
        std::cout << "Initial token: " << token << std::endl;

        // Continue authentication loop until complete
        std::string challenge;
        while (!auth.isComplete()) {
            std::cout << "Enter challenge token from proxy server: ";
            std::getline(std::cin, challenge);

            if (challenge.empty()) {
                std::cerr << "Challenge token cannot be empty" << std::endl;
                break;
            }

            token = auth.processChallenge(challenge);
            if (!token.empty()) {
                std::cout << "Response token: " << token << std::endl;
            }
        }

        if (auth.isComplete()) {
            std::cout << "Authentication complete!" << std::endl;
        } else {
            std::cout << "Authentication incomplete" << std::endl;
        }

    } catch (const kerberos_proxy_auth::Exception& e) {
        std::cerr << "Authentication error: " << e.what() << std::endl;
    } catch (const std::exception& e) {
        std::cerr << "Error: " << e.what() << std::endl;
    }

    return 0;
}

API Overview

Classes

• Credentials: Manages Kerberos credential acquisition

  • getDefault(): Acquires default system credentials
  • get(login, password): Acquires credentials with username/password

• Authenticator: Handles the authentication process

  • start(host): Initiates authentication with a host
  • processChallenge(token): Processes a challenge response
  • isComplete(): Checks if authentication is complete

Exception Hierarchy

• Exception: Base exception class
  • GSSAPIException: GSSAPI-specific errors with status codes
  • CredentialException: Credential-related errors
  • AuthenticationException: Authentication failures
  • TokenException: Token processing errors
  • InvalidArgumentException: Invalid input parameters
  • SystemException: System/resource errors