Kerberos Authentication #4464

New Issue

Open

opened 2026-02-05 08:56:50 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 08:56:50 +03:00

Owner

Copy Link

Originally created by @PiRomant on GitHub (Feb 15, 2024).

Describe the feature you'd like

Option to authenticate using Kerberos, a widely used network authentication protocol.

Describe the benefits this would bring to existing BookStack users

This will enhance security and streamline the authentication process for users who are already using Kerberos in their environment.

Can the goal of this request already be achieved via other means?

Using the AD FS with SAML

Have you searched for an existing open/closed issue?

• I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Under 3 months

Additional context

No response

Originally created by @PiRomant on GitHub (Feb 15, 2024). ### Describe the feature you'd like Option to authenticate using Kerberos, a widely used network authentication protocol. ### Describe the benefits this would bring to existing BookStack users This will enhance security and streamline the authentication process for users who are already using Kerberos in their environment. ### Can the goal of this request already be achieved via other means? Using the AD FS with SAML ### Have you searched for an existing open/closed issue? - [X] I have searched for existing issues and none cover my fundamental request ### How long have you been using BookStack? Under 3 months ### Additional context _No response_

OVERLORD added the 🔨 Feature Request label 2026-02-05 08:56:50 +03:00

OVERLORD commented 2026-02-05 08:56:59 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 15, 2024):

Thanks for the suggestion @PiRomant,
From my view, I wouldn't be keen to support additional auth systems without there being a clear and significant demand/requirement from the user-base, and since I've had very little request for this in the last 8 years, I don't think it's evident that such a demand/requirement is there.

@ssddanbrown commented on GitHub (Feb 15, 2024): Thanks for the suggestion @PiRomant, From my view, I wouldn't be keen to support additional auth systems without there being a clear and significant demand/requirement from the user-base, and since I've had very little request for this in the last 8 years, I don't think it's evident that such a demand/requirement is there.

OVERLORD commented 2026-02-05 08:57:01 +03:00

Author

Owner

Copy Link

@aSysadminStory commented on GitHub (Oct 10, 2025):

Hi,
First of all, thank you for your amazing work on Bookstack — it’s an excellent wiki platform: simple, stable, and very well designed 👏
I understand your position on authentication systems, but in a modern Active Directory environment, Kerberos isn’t an optional feature — it’s the foundation of security.

Once an account is part of the Protected Users group, simple LDAP authentication (even over LDAPS) is no longer allowed.
This means Bookstack becomes unusable for any user account that follows Microsoft’s recommended security standards.

In short, without Kerberos (or GSSAPI) support, Bookstack cannot be properly integrated into a secure AD environment.
That’s unfortunate, because your solution is excellent in every other way.

@aSysadminStory commented on GitHub (Oct 10, 2025): Hi, First of all, thank you for your amazing work on Bookstack — it’s an excellent wiki platform: simple, stable, and very well designed 👏 I understand your position on authentication systems, but in a modern Active Directory environment, Kerberos isn’t an optional feature — it’s the foundation of security. Once an account is part of the Protected Users group, simple LDAP authentication (even over LDAPS) is no longer allowed. This means Bookstack becomes unusable for any user account that follows Microsoft’s recommended security standards. In short, without Kerberos (or GSSAPI) support, Bookstack cannot be properly integrated into a secure AD environment. That’s unfortunate, because your solution is excellent in every other way.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🔨 Feature Request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4464