Categories
https javascript kerberos node.js

Kerberos authentication in Node.js https.get or https.request

I’m trying to write a simple script that requests some data from a tool on an internal network. Here is the code:

#!/usr/bin/node
var https = require('https');
var fs = require('fs');
var options = {
host: '<link>',
port: 443,
path: '<path>',
auth: 'username:password',
ca: [fs.readFileSync('../.cert/newca.crt')]
};
https.get(options, function(res) {
console.log("Got response: " + res.statusCode);
res.on('data', function (d) {
console.log('BODY: ' + d);
});
}).on('error', function(e) {
console.log("Got error: " + e.message);
});

Now the question is, how can I use a Kerberos ticket to authenticate rather than supplying my credentials in auth: in plain text?

In Paul Scheltema’s answer, you need to get ticketdata from depth of operating system. You (or a module on behalf of you) must use GSS-API to have ticketdata generated by Active Directory for you.

Such mechanism is present in Chrome, but it seems that it’s not included in Node.js (only the javascript engine from Chrome), so you may need to add a module, for example:

To install/compile such module you may need to have Visual Studio.


To set up environment,
– On all computers you must have tcp and udp enabled on ports 88 (Kerberos) and 53 (dns).
– On Windows Server Active Directory must be running (ldap, dns, kdc)
– On the page https://www.npmjs.org/package/passport-kerberos they use term REALM. It’s a name of domain, written uppercase.