How to read principals and encrypted keys from Kerboros keytab file on Node JS?

Question

I need to intercept a specific request coming to my Node Server and introduce Kerberos Authentication right there.

Suppose if a request comes for /names/ ,I need to first Kerberos authenticate it and only if it authenticated successfully, I will proceed to fulfill the request.

I have one .keytab file which in my knowledge has the principals and encrypted keys which I need for authentication.

QUESTION: How can I read the .keytab encrypted file on Node JS? I have looked into Node packages like node-krb5 and node-passport but couldn't find a way to read my keytab files

Please assist if you done something similar. Thanks.

Answer 1

I looked at the source for node-krb5 and that's fairly useless. All it does is more or less what kinit does.

My guess is that you would need a node implementation of SPNEGO which a web authentication protocol that uses kerberos. None of the things in your list do that and it's not a trivial thing to write.

I'd suggest you look into putting a server that does support SPNEGO in front of your node application.

Answer 2

You should look at the node passport-negotiate module which implements server side kerberos ticket authentication checking. There's a sample "login" app in the module which demonstrates how to use the module, and if you look at the strategy.js you should see how to use the underlying kerberos support, should you want to bypass passport and do authentication directly.

The actual server-side kerberos functionality is part of npm kerberos module.