I am trying to use Kerberos.js - https://github.com/mongodb-js/kerberos
Specifically KerberosClient to authenticate against a windows authentication website. This works well, but I want to use the principal mentioned in Options passed to InitializeClient to authenticate with a specific user and not the user that started the node service. However setting principal does nothing. Does anyone have a working example of this?
Any suggestions appreciated.
Specifying just the user will of course do nothing because a Kerberos client cannot just authenticate as another principal without having the credentials for it.
With Kerberos.js, it seems that you can specify the password as options.password
– this is not documented, perhaps because it's not implemented for the Unix GSSAPI backend, only for Windows SSPI – but from looking at the source code it seems like it ought to work.
That is, I would try:
initializeClient("HTTP@foo.example.com",
{ username: "fred",
password: "F00bar" })
The other way would be to provide the credentials externally, as is traditional with Kerberos. For Windows, that would mean storing the password for that principal via cmdkey
. (And since the stored credentials on Windows are already associated with a specific hostname, you probably won't have to specify anything at all for the client context.)