Node.js https.get 或 https.request 中的 Kerberos 身份验证 [英] Kerberos authentication in Node.js https.get or https.request

问题描述

我正在尝试编写一个简单的脚本，从内部网络上的工具请求一些数据.代码如下:

I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code:

#!/usr/bin/node

var https = require('https');
var fs = require('fs');

var options = {
  host: '<link>',
  port: 443,
  path: '<path>',
  auth: 'username:password',
  ca: [fs.readFileSync('../.cert/newca.crt')]
};

https.get(options, function(res) {
  console.log("Got response: " + res.statusCode);
  res.on('data', function (d) {
    console.log('BODY: ' + d);
  });
}).on('error', function(e) {
  console.log("Got error: " + e.message);
});

现在的问题是，如何使用 Kerberos 票证进行身份验证而不是在 auth: 中以纯文本形式提供我的凭据?

Now the question is, how can I use a Kerberos ticket to authenticate rather than supplying my credentials in auth: in plain text?

推荐答案

在 Paul Scheltema 的回答中，您需要从操作系统的深度获取票证数据.您(或代表您的模块)必须使用 GSS-API 来让 Active Directory 为您生成票证数据.

In Paul Scheltema's answer, you need to get ticketdata from depth of operating system. You (or a module on behalf of you) must use GSS-API to have ticketdata generated by Active Directory for you.

Chrome 中存在这种机制，但 Node.js 中似乎没有包含(仅 Chrome 中的 javascript 引擎)，因此您可能需要添加一个模块，例如:

Such mechanism is present in Chrome, but it seems that it's not included in Node.js (only the javascript engine from Chrome), so you may need to add a module, for example:

• Passport-Kerberos:https://www.npmjs.org/package/passport-kerberos 和 http://passportjs.org/guide/
• Kerberos(npm 安装 kerberos)
• 在 github 的 Node.js 源代码中，有迹象表明有人为此使用了 Bones 模块(https://github.com/joyent/node/search?q=kerberos&ref=cmdform).3 年前，使用 DES(这种编码类型非常弱，已被弃用多年)

• Passport-Kerberos: https://www.npmjs.org/package/passport-kerberos and http://passportjs.org/guide/
• Kerberos (npm install kerberos)
• In source code of Node.js at github there's a trace that someone has been using Bones module for that (https://github.com/joyent/node/search?q=kerberos&ref=cmdform). 3 years ago, with DES (this encoding type is very weak and has been deprecated for years)

要安装/编译此类模块，您可能需要有 Visual Studio.

To install/compile such module you may need to have Visual Studio.

要设置环境，- 在所有计算机上，您必须在端口 88 (Kerberos) 和 53 (dns) 上启用 tcp 和 udp.- 在 Windows Server 上必须运行 Active Directory(ldap、dns、kdc)- 在页面 https://www.npmjs.org/package/passport-kerberos他们使用术语 REALM.它是域名，大写.

To set up environment, - On all computers you must have tcp and udp enabled on ports 88 (Kerberos) and 53 (dns). - On Windows Server Active Directory must be running (ldap, dns, kdc) - On the page https://www.npmjs.org/package/passport-kerberos they use term REALM. It's a name of domain, written uppercase.

这篇关于Node.js https.get 或 https.request 中的 Kerberos 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！