Node.js中的Kerberos身份验证https.get或https.request [英] Kerberos authentication in Node.js https.get or https.request
问题描述
我正在尝试编写一个简单的脚本,从内部网络上的工具请求一些数据。以下是代码:
I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code:
#!/usr/bin/node
var https = require('https');
var fs = require('fs');
var options = {
host: '<link>',
port: 443,
path: '<path>',
auth: 'username:password',
ca: [fs.readFileSync('../.cert/newca.crt')]
};
https.get(options, function(res) {
console.log("Got response: " + res.statusCode);
res.on('data', function (d) {
console.log('BODY: ' + d);
});
}).on('error', function(e) {
console.log("Got error: " + e.message);
});
现在的问题是,如何使用Kerberos票证进行身份验证,而不是在<? code> auth:以纯文本形式?
Now the question is, how can I use a Kerberos ticket to authenticate rather than supplying my credentials in auth:
in plain text?
推荐答案
在Paul Scheltema的回答中,你需要从操作系统的深度获取ticketdata。您(或代表您的模块)必须使用GSS-API为您创建Active Directory生成的ticketdata。
In Paul Scheltema's answer, you need to get ticketdata from depth of operating system. You (or a module on behalf of you) must use GSS-API to have ticketdata generated by Active Directory for you.
这种机制存在于Chrome中,但似乎它没有包含在Node.js中(只有Chrome的javascript引擎),所以你可能需要添加一个模块,例如:
Such mechanism is present in Chrome, but it seems that it's not included in Node.js (only the javascript engine from Chrome), so you may need to add a module, for example:
- Passport-Kerberos: https://www.npmjs.org/package/passport-kerberos 和 http ://passportjs.org/guide/
- Kerberos(npm install kerberos)
- 在github的Node.js源代码中有迹象表明有人一直在使用Bones模块( https:// github.com/joyent/node/search?q=kerberos&ref=cmdform )。 3年前,使用DES(此编码类型非常弱并且已被弃用多年)
- Passport-Kerberos: https://www.npmjs.org/package/passport-kerberos and http://passportjs.org/guide/
- Kerberos (npm install kerberos)
- In source code of Node.js at github there's a trace that someone has been using Bones module for that (https://github.com/joyent/node/search?q=kerberos&ref=cmdform). 3 years ago, with DES (this encoding type is very weak and has been deprecated for years)
要安装/编译此类模块,您需要可能需要Visual Studio。
To install/compile such module you may need to have Visual Studio.
要设置环境,
- 在所有计算机上你必须拥有tcp和udp在端口88(Kerberos)和53(dns)上启用。
- 在Windows Server上Active Directory必须正在运行(ldap,dns,kdc)
- 在页面 https://www.npmjs.org/package/passport-kerberos 他们使用术语REALM。它是域名,书面大写。
To set up environment, - On all computers you must have tcp and udp enabled on ports 88 (Kerberos) and 53 (dns). - On Windows Server Active Directory must be running (ldap, dns, kdc) - On the page https://www.npmjs.org/package/passport-kerberos they use term REALM. It's a name of domain, written uppercase.
这篇关于Node.js中的Kerberos身份验证https.get或https.request的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!