Open Source Kerberos Tooling

Quick Description

KNC is Kerberised NetCat. It works in basically the same way as either netcat or stunnel except that it is uses GSS-API to secure the communication. You can use it to construct client/server applications while keeping the Kerberos libraries out of your programs address space quickly and easily.

KNC is used in the Kharon framework as well.

Let’s say that you want to allow a user “dood@EXAMPLE.ORG” to cat /var/log/messages on a server without logging in. You could write this simple shell script called


if [ X"$KNC_CREDS" != Xdood@EXAMPLE.ORG ]; then
        echo "Permission denied" 1>&2
        exit 1

cat /var/log/messages

You can then run it as a daemon with:

$ KRB5_KTNAME=/path/to/your/keytab knc -l 3666 ./

And remotely connect to it like:

$ knc <service>@<host> 3666 | more

For more usage and examples, please refer to the man page (HTML, PDF) or look at some of our online examples.


The current release is 1.7.1. It is now built using the autoconf framework.


To build, just:

        $ ./configure
        $ make

Install it using “make install”.

The configure script it generated via automake and so it will accept the standard --prefix options if you wish to place the final product in a directory other than the default /usr/local/.

Current Development Sources

The current development sources can be obtained via git:

        $ git clone
or      $ git clone
or      $ git clone

The current sources have been converted to use autoconf and libstool and so can be built and installed:

        $ git clone
        $ cd knc
        $ autoreconf -f -i
        $ ./configure
        $ make
        $ make install

Please note that libknc does not yet have a stable interface and is subject to change. libknc also will not build by default unless one provides a magic flag.


Bill Squier and Roland C. Dowdeswell.


The code is licensed via a BSD/MIT style license.