Skip to content

Authentication Patterns

Jump to bottom
Jacob Paullus edited this page Apr 17, 2026 · 1 revision

Authentication Patterns

All protocol clients support three authentication methods through the unified session.Credentials struct.

Password

creds := &session.Credentials{
    Domain:   "CORP",
    Username: "admin",
    Password: "Password1",
}

Pass-the-Hash

creds := &session.Credentials{
    Domain:   "CORP",
    Username: "admin",
    Hash:     ":aad3b435b51404eeaad3b435b51404ee",
}

Kerberos

From ccache (environment variable)

os.Setenv("KRB5CCNAME", "/path/to/admin.ccache")

creds := &session.Credentials{
    Domain:      "CORP.LOCAL",
    Username:    "admin",
    UseKerberos: true,
    DCIP:        "10.0.0.1",
}

From keytab

creds := &session.Credentials{
    Domain:      "CORP.LOCAL",
    Username:    "svc-account",
    UseKerberos: true,
    DCIP:        "10.0.0.1",
    Keytab:      "/path/to/svc.keytab",
}

From password (requests TGT automatically)

creds := &session.Credentials{
    Domain:      "CORP.LOCAL",
    Username:    "admin",
    Password:    "Password1",
    UseKerberos: true,
    DCIP:        "10.0.0.1",
}

Clone this wiki locally