Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
editAsk a Question
Welcome To Ask or Share your Answers For Others

Categories

javascript - Kerberos authentication in Node.js https.get or https.request

in Technique[技术] by (71.8m points)

I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code:

#!/usr/bin/node

var https = require('https');
var fs = require('fs');

var options = {
  host: '<link>',
  port: 443,
  path: '<path>',
  auth: 'username:password',
  ca: [fs.readFileSync('../.cert/newca.crt')]
};

https.get(options, function(res) {
  console.log("Got response: " + res.statusCode);
  res.on('data', function (d) {
    console.log('BODY: ' + d);
  });
}).on('error', function(e) {
  console.log("Got error: " + e.message);
});

Now the question is, how can I use a Kerberos ticket to authenticate rather than supplying my credentials in auth: in plain text?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
461 views
Welcome To Ask or Share your Answers For Others

1 Answer

by (71.8m points)

from http://docs.oracle.com/cd/E24191_01/common/tutorials/authn_kerberos_service.html

Client Token Location for Message-Level Standards: The Kerberos Service ticket can either be sent in the Authorization HTTP header or inside the message itself, for example, inside a element. Alternatively, it may be contained within a message attribute. Select one of the following options:

so instead of your username:password you provide the ticket

alternatively you can as stated below that information put it in the message body or as a message attribute

var request = https.request(options, function(resource) {
  var chunks = [];
   resource.on('data', function (chunk) {
     chunks.push(chunk);
   });
   resource.on('end', function () {
     var data = chunks.join('');
     console.log(data);
   });
}

request.on('error',...)
request.send('<body-with-ticket>');
request.end();

EDIT:

the "" part was my example of where to use the ticket, put it in a multiytype body and send that, alternatively use the WWW-Authenticate header to send it

eg. add it to the options on https.request

options = {
    host: 'hostname',
    port: 443, 
    'WWW-Authenticate': 'Negotiate ' + ticketdata
};

google has some nice diagrams on how it works: https://developers.google.com/search-appliance/kb/secure/kerberos-diagram


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share

Just Browsing Browsing

548k questions

547k answers

4 comments

86.3k users

Most popular tags

Theme made by Momin Raza, Modified by Ostack
Powered by Question2Answer
...