Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@repacks/kerberos

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@repacks/kerberos

Kerberos library for Node.js

  • 2.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

@repacks/kerberos

If your build system is prevented from downloading the binaries for the kerberos package by a firewall, you will need to create a mirror of the binaries inside your intranet. However, this package is available for those cases where this is not possible.
Check out the link below for more details on what issues it solves.
https://www.mongodb.com/community/forums/t/kerberos-npm-module-how-do-prebuilt-binaries-work/108424

This package is an exact duplicate of the Kerberos package. Additionally, it has embedded the assets included in the Github release.


Kerberos

Build Status

The kerberos package is a C++ extension for Node.js that provides cross-platform support for kerberos authentication using GSSAPI on linux/osx, and SSPI on windows. Much of the code in this module is adapted from ccs-kerberos and winkerberos.

Requirements

Linux

  • python v2.7
  • make
  • A proper C/C++ compiler toolchain, like GCC
  • Distribution-specific kerberos packages (e.g. krb5-dev on Ubuntu)

macOS

  • Xcode Command Line Tools: Can be installed with xcode-select --install
  • Distribution-specific kerberos packages (e.g. krb5 on Homebrew)

Windows

  • Option 1: Install all the required tools and configurations using Microsoft's windows-build-tools by running npm install -g windows-build-tools from an elevated PowerShell (run as Administrator).

  • Option 2: Install dependencies and configuration manually

    1. Visual C++ Build Environment:
    • Option 1: Install Visual C++ Build Tools using the Default Install option.

    • Option 2: Install Visual Studio 2015 (or modify an existing installation) and select Common Tools for Visual C++ during setup.

    :bulb: [Windows Vista / 7 only] requires .NET Framework 4.5.1

    1. Install Python 2.7 or Miniconda 2.7 (v3.x.x is not supported), and run npm config set python python2.7
    2. Launch cmd, npm config set msvs_version 2015

Installation

Now you can install kerberos with the following:

npm install kerberos

Testing

Run the test suite using:

npm test

NOTE: The test suite requires an active kerberos deployment, see test/scripts/travis.sh to better understand these requirements.

Documentation

Classes

KerberosClient
KerberosServer

Functions

checkPassword(username, password, service, [defaultRealm], [callback])Promise

This function provides a simple way to verify that a user name and password match those normally used for Kerberos authentication. It does this by checking that the supplied user name and password can be used to get a ticket for the supplied service. If the user name does not contain a realm, then the default realm supplied is used.

For this to work properly the Kerberos must be configured properly on this machine. That will likely mean ensuring that the edu.mit.Kerberos preference file has the correct realms and KDCs listed.

IMPORTANT: This method is vulnerable to KDC spoofing attacks and it should only be used for testing. Do not use this in any production system - your security could be compromised if you do.

principalDetails(service, hostname, [callback])Promise

This function returns the service principal for the server given a service type and hostname.

Details are looked up via the /etc/keytab file.

initializeClient(service, [options], [callback])Promise

Initializes a context for client-side authentication with the given service principal.

initializeServer(service, [callback])Promise

Initializes a context for server-side authentication with the given service principal.

KerberosClient

Properties

NameTypeDescription
usernamestringThe username used for authentication
responsestringThe last response received during authentication steps
responseConfstringIndicates whether confidentiality was applied or not (GSSAPI only)
contextCompletebooleanIndicates that authentication has successfully completed or not

kerberosClient.step(challenge, [callback])

ParamTypeDescription
challengestringA string containing the base64-encoded server data (which may be empty for the first step)
[callback]function

Processes a single kerberos client-side step using the supplied server challenge.

Returns: Promise - returns Promise if no callback passed

kerberosClient.wrap(challenge, [options], [callback])

ParamTypeDescription
challengestringThe response returned after calling unwrap
[options]objectOptional settings
[options.user]stringThe user to authorize
[callback]function

Perform the client side kerberos wrap step.

Returns: Promise - returns Promise if no callback passed

kerberosClient.unwrap(challenge, [callback])

ParamTypeDescription
challengestringA string containing the base64-encoded server data
[callback]function

Perform the client side kerberos unwrap step

Returns: Promise - returns Promise if no callback passed

KerberosServer

Properties

NameTypeDescription
usernamestringThe username used for authentication
responsestringThe last response received during authentication steps
targetNamestringThe target used for authentication
contextCompletebooleanIndicates that authentication has successfully completed or not

kerberosServer.step(challenge, [callback])

ParamTypeDescription
challengestringA string containing the base64-encoded client data
[callback]function

Processes a single kerberos server-side step using the supplied client data.

Returns: Promise - returns Promise if no callback passed

checkPassword(username, password, service, [defaultRealm], [callback])

ParamTypeDescription
usernamestringThe Kerberos user name. If no realm is supplied, then the defaultRealm will be used.
passwordstringThe password for the user.
servicestringThe Kerberos service to check access for.
[defaultRealm]stringThe default realm to use if one is not supplied in the user argument.
[callback]function

This function provides a simple way to verify that a user name and password match those normally used for Kerberos authentication. It does this by checking that the supplied user name and password can be used to get a ticket for the supplied service. If the user name does not contain a realm, then the default realm supplied is used.

For this to work properly the Kerberos must be configured properly on this machine. That will likely mean ensuring that the edu.mit.Kerberos preference file has the correct realms and KDCs listed.

IMPORTANT: This method is vulnerable to KDC spoofing attacks and it should only be used for testing. Do not use this in any production system - your security could be compromised if you do.

Returns: Promise - returns Promise if no callback passed

principalDetails(service, hostname, [callback])

ParamTypeDescription
servicestringThe Kerberos service type for the server.
hostnamestringThe hostname of the server.
[callback]function

This function returns the service principal for the server given a service type and hostname.

Details are looked up via the /etc/keytab file.

Returns: Promise - returns Promise if no callback passed

initializeClient(service, [options], [callback])

ParamTypeDescription
servicestringA string containing the service principal in the form 'type@fqdn' (e.g. 'imap@mail.apple.com').
[options]objectOptional settings
[options.principal]stringOptional string containing the client principal in the form 'user@realm' (e.g. 'jdoe@example.com').
[options.gssFlags]numberOptional integer used to set GSS flags. (e.g. GSS_C_DELEG_FLAG
[options.mechOID]numberOptional GSS mech OID. Defaults to None (GSS_C_NO_OID). Other possible values are GSS_MECH_OID_KRB5, GSS_MECH_OID_SPNEGO.
[callback]function

Initializes a context for client-side authentication with the given service principal.

Returns: Promise - returns Promise if no callback passed

initializeServer(service, [callback])

ParamTypeDescription
servicestringA string containing the service principal in the form 'type@fqdn' (e.g. 'imap@mail.apple.com').
[callback]function

Initializes a context for server-side authentication with the given service principal.

Returns: Promise - returns Promise if no callback passed

Keywords

FAQs

Package last updated on 06 Apr 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc