Node.js中的Kerberos身份验证https.get或https.request [英] Kerberos authentication in Node.js https.get or https.request

问题描述

我正在尝试编写一个简单的脚本，从内部网络上的工具请求一些数据。以下是代码：

I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code:

#!/usr/bin/node

var https = require('https');
var fs = require('fs');

var options = {
  host: '<link>',
  port: 443,
  path: '<path>',
  auth: 'username:password',
  ca: [fs.readFileSync('../.cert/newca.crt')]
};

https.get(options, function(res) {
  console.log("Got response: " + res.statusCode);
  res.on('data', function (d) {
    console.log('BODY: ' + d);
  });
}).on('error', function(e) {
  console.log("Got error: " + e.message);
});

现在的问题是，如何使用Kerberos票证进行身份验证，而不是在<？ code> auth：以纯文本形式？

Now the question is, how can I use a Kerberos ticket to authenticate rather than supplying my credentials in auth: in plain text?

推荐答案

在Paul Scheltema的回答中，你需要从操作系统的深度获取ticketdata。您（或代表您的模块）必须使用GSS-API为您创建Active Directory生成的ticketdata。

In Paul Scheltema's answer, you need to get ticketdata from depth of operating system. You (or a module on behalf of you) must use GSS-API to have ticketdata generated by Active Directory for you.

这种机制存在于Chrome中，但似乎它没有包含在Node.js中（只有Chrome的javascript引擎），所以你可能需要添加一个模块，例如：

Such mechanism is present in Chrome, but it seems that it's not included in Node.js (only the javascript engine from Chrome), so you may need to add a module, for example:

• Passport-Kerberos： https://www.npmjs.org/package/passport-kerberos 和 http ：//passportjs.org/guide/


• Kerberos（npm install kerberos）


• 在github的Node.js源代码中有迹象表明有人一直在使用Bones模块（ https：// github.com/joyent/node/search?q=kerberos&ref=cmdform ）。 3年前，使用DES（此编码类型非常弱并且已被弃用多年）

• Passport-Kerberos: https://www.npmjs.org/package/passport-kerberos and http://passportjs.org/guide/
• Kerberos (npm install kerberos)
• In source code of Node.js at github there's a trace that someone has been using Bones module for that (https://github.com/joyent/node/search?q=kerberos&ref=cmdform). 3 years ago, with DES (this encoding type is very weak and has been deprecated for years)

要安装/编译此类模块，您需要可能需要Visual Studio。

To install/compile such module you may need to have Visual Studio.

要设置环境，
- 在所有计算机上你必须拥有tcp和udp在端口88（Kerberos）和53（dns）上启用。
- 在Windows Server上Active Directory必须正在运行（ldap，dns，kdc）
- 在页面 https://www.npmjs.org/package/passport-kerberos 他们使用术语REALM。它是域名，书面大写。

To set up environment, - On all computers you must have tcp and udp enabled on ports 88 (Kerberos) and 53 (dns). - On Windows Server Active Directory must be running (ldap, dns, kdc) - On the page https://www.npmjs.org/package/passport-kerberos they use term REALM. It's a name of domain, written uppercase.

这篇关于Node.js中的Kerberos身份验证https.get或https.request的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！