This is a Go-based KDC Proxy designed for use against Active Directory.
```sh
go install github.com/andrewheberle/kdcproxy/cmd/[email protected]
./kdcproxy --listen :8080
```

```sh
docker run -p 8080:8080 ghcr.io/andrewheberle/kdcproxy:v1.3.1
```
To run via HTTPS:
```sh
docker run -p 8443:8080 \
    -e KDC_PROXY_CERT=/ssl/server.crt \
    -e KDC_PROXY_KEY=/ssl/server.key \
    -v /path/to/certificates:/ssl:ro \
    ghcr.io/andrewheberle/kdcproxy:v1.3.1
```
The application supports the following options:
| Command Line Option | Environment Variable | Default | Usage |
|---|---|---|---|
| `--listen` | `KDC_PROXY_LISTEN` | 127.0.0.1:8080 ¹ | Service listen address |
| `--cert` | `KDC_PROXY_CERT` | | TLS certificate (optional) |
| `--key` | `KDC_PROXY_KEY` | | TLS key (optional) |
| `--krb5conf` | `KDC_PROXY_KRB5CONF` | | Path to krb5.conf (optional) |
| `--rate` | `KDC_PROXY_RATE` | 10 | Requests per second to the KDC allowed (optional) |
Providing an MIT krb5.conf configuration file is optional. Without it, the service defaults to using DNS to look up the KDCs for the realm to send requests to.
In most cases, assuming DNS resolution is working and the required DNS SRV records are in place, a krb5.conf should not be required.
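For hosts where the realm's SRV records cannot be resolved, a minimal krb5.conf that lists the KDCs explicitly looks like the following. This is an added example, not a file shipped by the project: the realm `EXAMPLE.COM` and the `dc*.example.com` hosts are placeholders, and it assumes the proxy honors the standard MIT `[libdefaults]` and `[realms]` settings.

```ini
# Constructed example: EXAMPLE.COM and the dc*.example.com hosts are placeholders.
[libdefaults]
    default_realm = EXAMPLE.COM
    # Use the KDCs listed under [realms] instead of DNS SRV discovery
    # (assumes the proxy follows standard MIT krb5.conf semantics).
    dns_lookup_kdc = false
    dns_lookup_realm = false

[realms]
    EXAMPLE.COM = {
        # Domain controllers that requests for this realm are sent to.
        kdc = dc1.example.com:88
        kdc = dc2.example.com:88
    }

[domain_realm]
    # Map DNS names to the realm so lookups resolve without DNS TXT records.
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
```

Point the service at the file with `--krb5conf` or `KDC_PROXY_KRB5CONF`; in a container, mount it read-only as the certificates are mounted in the HTTPS example.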
This service follows the MS-KKDCP specification that is published here:
This was initially based on the KDC Proxy implementation here:
https://github.com/bolkedebruin/rdpgw
In addition, a lot of the logic that makes the service work came from:
https://github.com/latchset/kdcproxy
Footnotes

1. The default for the container is ":8080"