node.jskerberos

How do I use Kerberos js with options principal?


I am trying to use Kerberos.js - https://github.com/mongodb-js/kerberos

Specifically KerberosClient to authenticate against a windows authentication website. This works well, but I want to use the principal mentioned in Options passed to InitializeClient to authenticate with a specific user and not the user that started the node service. However setting principal does nothing. Does anyone have a working example of this?

Any suggestions appreciated.


Solution

  • Specifying just the user will of course do nothing because a Kerberos client cannot just authenticate as another principal without having the credentials for it.

    With Kerberos.js, it seems that you can specify the password as options.password – this is not documented, perhaps because it's not implemented for the Unix GSSAPI backend, only for Windows SSPI – but from looking at the source code it seems like it ought to work.

    That is, I would try:

    initializeClient("HTTP@foo.example.com",
                     { username: "fred",
                       password: "F00bar" })
    

    The other way would be to provide the credentials externally, as is traditional with Kerberos. For Windows, that would mean storing the password for that principal via cmdkey. (And since the stored credentials on Windows are already associated with a specific hostname, you probably won't have to specify anything at all for the client context.)