| examples | ||
| .gitignore | ||
| auth.go | ||
| auth_stub.go | ||
| auth_windows.go | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| README.md | ||
go-vcenter-auth
A lightweight, standalone Go package for vCenter authentication supporting both username/password and Windows integrated authentication (SSPI/Kerberos).
Features
- Simple API - Clean interface with loose parameters for easy integration
- Multiple auth methods:
- Username/Password authentication
- Windows integrated authentication (SSPI/Kerberos) - Windows only
- Session caching - Automatic caching to avoid repeated logins
- Cross-platform - Works on all platforms (SSPI on Windows only)
- Context support - Proper context handling for timeouts and cancellation
- Built on govmomi - Uses the official VMware vSphere API Go bindings
Installation
go get github.com/skabbio1976/go-vcenter-auth
Usage
Basic Authentication (Username/Password)
package main
import (
"context"
"fmt"
"time"
vcauth "github.com/skabbio1976/go-vcenter-auth"
)
func main() {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
client, err := vcauth.Login(
ctx,
"vcenter.example.com", // host
"administrator@vsphere.local", // username
"password", // password
true, // insecure (skip TLS verification)
)
if err != nil {
panic(err)
}
fmt.Println("Successfully logged in to vCenter!")
// Get underlying vim25.Client for advanced operations
vim := client.GetVim()
// ... use vim client for vSphere operations
}
Windows Integrated Authentication (SSPI/Kerberos)
package main
import (
"context"
"fmt"
"time"
vcauth "github.com/skabbio1976/go-vcenter-auth"
)
func main() {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
// Uses current Windows user's credentials
client, err := vcauth.LoginSSPI(
ctx,
"vcenter.example.com", // host
false, // insecure
)
if err != nil {
panic(err)
}
fmt.Println("Successfully logged in via SSPI!")
vim := client.GetVim()
// ... use vim client
}
Working with the Cached Client
// Get the cached client (returns nil if no cached session)
cachedVim := vcauth.GetCachedClient()
if cachedVim != nil {
// Use cached session
}
// Clear the cache when needed
vcauth.ClearCache()
API Reference
Login(ctx, host, username, password, insecure) (*Client, error)
Authenticates to vCenter using username and password.
Parameters:
ctx- Context for timeout/cancellation (can be nil for default 30s timeout)host- vCenter hostname or IP (e.g., "vcenter.example.com")username- vCenter username (e.g., "administrator@vsphere.local")password- vCenter passwordinsecure- If true, skip TLS certificate verification
Returns: *Client or error
LoginSSPI(ctx, host, insecure) (*Client, error) (Windows only)
Authenticates to vCenter using Windows integrated authentication (Kerberos/SSPI). Uses the current Windows user's credentials.
Parameters:
ctx- Context for timeout/cancellation (can be nil for default 30s timeout)host- vCenter hostname or IPinsecure- If true, skip TLS certificate verification
Returns: *Client or error
Note: Returns ErrSSPINotSupported on non-Windows platforms.
Client.GetVim() *vim25.Client
Returns the underlying govmomi vim25.Client for advanced vSphere operations.
GetCachedClient() *vim25.Client
Returns the cached vim25.Client if available, nil otherwise.
ClearCache()
Clears the cached session.
Dependencies
Platform Support
- All platforms: Username/Password authentication
- Windows only: SSPI/Kerberos authentication
Session Caching
The package automatically caches successful sessions to avoid repeated authentication. The cache is checked based on:
- Host
- Username (for Login)
- Session key
To clear the cache, call ClearCache().
Examples
See the examples directory for complete working examples.
Acknowledgments
Special thanks to:
- alexbrainman for the excellent sspi package, which makes the Windows SSPI/Kerberos authentication possible and smooth. Without this library, the seamless single sign-on experience would not have been achievable.
License
MIT License
Contributing
Contributions are welcome! Please open an issue or submit a pull request.