Minor client enhancements, PAC parsing improvements and other bug fixes

Enhancements

• Method available to destroy a client
• default_realm no longer mandatory in client krb5 configuration

Bugs Resolved

• Bug fixes in PAC parsing
• Closer RFC adherence by not using principal name type in equivalence test
• Improved key usage number selection for authenticator encryption

Important client bug fixes and minor enhancements

Summary:
This release resolves issues that would:

• Cause authentication failures when curl used as an SPNEGO client
• Leaking goroutines on clients. Causing issues when a client is long running.
• Ignore kerberos options settings in the krb5 client configuration.
• Result in a race condition if a client session renewal happened to coincide with accessing the session.

The release also includes some minor improvements to the SPNEGO http handler wrapper.

Details:
Bugs resolved:

• Geometric growth of goroutines in client. (#132)
• Client sessions suffered from race condition. (#140)
• Error decrypting authenticator when name type is KRB5-NT-SRV-HST. (#148)
• KRB options were not set correctly on KDC requests. (#139)

Enhancements:

• Added the example/example.go to the CI Travis build to ensure it remains working. (#137)
• Clarified documentation of the arguments to the SPNEGO http handler wrapper. (#147)
• Enable the keytab principal arguement to the SPNEGO http handler wrapper to include the "@<REALM>" suffix. (#147)

Credential expiry and goroutine leak fix

• Fix to goroutine leak on client session auto renew
• Credential now has expiry field

Minor golint fixes

Fixes minor golint issues.

Client password change and refactor

New Features

• A client can now change their password via the kpasswd_server (typically listening on port 464). See

Differences from v4

The major revision has occurred due to changes in the following public methods.
If you are using these some code change will be required. If not, then your code should be unaffected:

• func (cl *Client) client.ASExchange()
  Now requires an AS_REQ as an argument. If you were using this directly I recommend looking to using the client's Login() function instead.

• func (cl *Client) client.RenewTicket()
  This function has been made private as it should never have been public and was likely of little use. To renew a ticket simply call the client's GetServiceTicket() and any ticket for the SPN provided will be renewed by this call.

• messages.NewASReq()
  As part of delivering the password change feature it was clear there was a need for AS requests of a type other than for a TGT. This function still exists but is more generic and requires a NamePrincipal to be passed in for the server name. If you were using this in v4 you should update to use messages.NewASReqForTGT()

handle principal names with slashes

• resolves issues where principal names with slashes were not handled correctly resulting in keys not being retrieved from the keytab
• update to error line formating

Handle tab indents in krb5.conf

• Handle tab indents in krb5.conf

Keytab marshal to []byte and write to file

• Marshal Keytab to []byte slice
• Write Keytab to io.Writer

Version 4

• 32bit support
• Support for tickets restricted to host addresses
• Modified gssapi func deprecated in v3.

Version 3

• Fixed issue #74 which required some changes to public functions and therefore the iteration to version 3.
• Remove deprecated method gssapi.NewKRB5APREQMechToken