[[!meta title="krb5-auth-dialog GNOME Kerberos Authentication Dialog"]]

Krb5-auth-dialog is a tray applet for the [GNOME](http://gnome.org) Desktop that monitors [Kerberos](http://web.mit.edu/kerberos/www/) tickets.

[[!toc ]]

## Features

* It can alert the user via [notifications](https://specifications.freedesktop.org/notification-spec/notification-spec-latest.html) when the ticket is about to expire.
* Current tickets in the credential cache can be listed.
  * It can be extended using [plugins](https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/blob/main/plugins/ka-plugin-dummy.c). This can be used to extend krb5-auth-dialog to e.g. handle things like [kx509](https://bugzilla.gnome.org/show_bug.cgi?id=347034).
* These plugins are currently available:
	* afs: a plugin to acquire AFS tickets 
	* dummy: a sample plugin printing to the console
	* pam: a plugin invoking the pam stack
* A [DBus][] API for applications to acquire a Kerberos ticket and to remove the credentials cache is provided.
* [DBus][] signals notify applications about acquired, renewed and expired tickets.
* It supports PKinit (e.g. via SmartCard) when built against [Heimdal](http://h5l.org).

## Source Code
The source code is available and browseable via [GNOMEs Gitlab](https://gitlab.gnome.org/GNOME/krb5-auth-dialog):

    git clone https://gitlab.gnome.org/GNOME/krb5-auth-dialog.git

## Releases
Releases are availale from [download.gnome.org](http://download.gnome.org/sources/krb5-auth-dialog/). The current stable release is [44](http://download.gnome.org/sources/krb5-auth-dialog/44/).

## Debian Packages
Debian packges are available from [debian.org](http://packages.debian.org/search?keywords=krb5-auth-dialog).

## Screenshots
The tray icon can be seen [here](http://honk.sigxcpu.org/con/krb5_auth_dialog_updates.html) and [here](http://honk.sigxcpu.org/con/krb5_auth_dialog__new_icon.html). Below are pictures of the password and preferences dialogs:


<div class="screenshots">
[[!img  pwdialog.png size="x150" alt="password dialog"]]
[[!img  prefs.png size="x150" alt="preferences dialog"]]
</div>

The notifications under [GNOME 3][2] look like this:

<div class="screenshots">
[[!img  notify-valid.png alt="valid ticket notification"]]
[[!img  notify-expired.png alt="expired ticket notification"]]
</div>

## Plugins
There are currently three plugins available:

* afs - call aklog or afslog to aquire AFS tickets
* pam - invoke PAM modules
* dummy - example plugin

These plugins can be activated using a [key in GSettings][0]

## DBus API
* There's a DBus API to acquire Kerberos ticktes. See the [examples][1]. [virt-manager][] is using this and [here](http://honk.sigxcpu.org/unsorted-patches/offlineimap_acquire-tgt.diff)'s a patch for [offlineimap][].
* DBus signals notify about acquired, renewed or expired tickets. This can be used to e.g. run [aklog](http://docs.openafs.org/Reference/1/aklog.html) via this [example](https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/commit/c374a7f8dbe6ef40c65752e3f35635d50d6b9260).


## Todo
* Add gnome keyring support ([567701](http://bugzilla.gnome.org/show_bug.cgi?id=567701))
* Remove all wakeups, rely on our gio watch of the ticket cache
* Add cache version, etc. to ticket dialog
* Add fast principal switching
* Make more applications use the DBUS API to make Kerberos a smooth experience on the desktop: 
    * [libsoup](https://bugzilla.gnome.org/show_bug.cgi?id=587145) - used by nautilus and evolution for calendars
    * [Thunderbird](https://bugzilla.mozilla.org/show_bug.cgi?id=524698)
    * Evolution IMAP and SMTP
    * ssh client

### GNOME Goals
Status of current [Gnome goals][] in krb5-auth-dialog:

* [Deprecated GLib symbols][] - done
* [Deprecated Gtk+ symbols][] - done
* [Clean up GLib and GTK+ includes][] - done
* [Use GtkBuilder instead of libglade][] - done
* [Use a correct Generic Name][] - done
* [Use GSeal][] - done
* [Migrate to GSettings / dconf][] - done
* [Migrate to GDBus][] - done

## Authors
krb5-auth-dialog was originally written by Christopher Aillon and is now maintained by Guido Günther <<agx@sigxcpu.org>>.

## Bugs
Please file bug reports via [GNOME's gitlab][3].

## License
krb5-auth-dialog is free software and licensed under the GPL Version 2.

[DBus]: http://dbus.freedesktop.org/
[offlineimap]: http://software.complete.org/software/projects/show/offlineimap
[virt-manager]: http://virt-manager.et.redhat.com/
[Gnome goals]: http://live.gnome.org/GnomeGoals
[Deprecated Glib symbols]: http://live.gnome.org/GnomeGoals/RemoveDeprecatedSymbols/Glib
[Deprecated Gtk+ symbols]: http://live.gnome.org/GnomeGoals/RemoveDeprecatedSymbols/GTK%2B
[Use GtkBuilder instead of libglade]: http://live.gnome.org/GnomeGoals/RemoveLibGladeUseGtkBuilder
[Use GSeal]: http://live.gnome.org/GnomeGoals/UseGseal
[Clean up GLib and GTK+ includes]:  http://live.gnome.org/GnomeGoals/CleanupGTKIncludes
[Add GObject Introspection Support]: http://live.gnome.org/GnomeGoals/AddGObjectIntrospectionSupport
[Migrate to GSettings / dconf]: http://live.gnome.org/GnomeGoals/GSettingsMigration
[Use a correct Generic Name]: http://live.gnome.org/GnomeGoals/CorrectDesktopFiles 
[Migrate to GDBus]: https://bugzilla.gnome.org/show_bug.cgi?id=622885
[0]: http://git.gnome.org/browse/krb5-auth-dialog/tree/README
[1]: http://git.gnome.org/browse/krb5-auth-dialog/tree/examples
[2]: http://www.gnome3.org/
[3]: https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues