Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-2824

AD/Kerberos initializeServer | SSO implementaton

    • Type: Icon: Task Task
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: kerberos
    • Environment:
      centos 7

      Based on the following https://gist.github.com/pluma/67e4fb9e1c715ef1b96e3be582a0691b example, I'm trying to validate a kerberos ticket obtained from an I.E browser.  However, I'm stuck at the initaliseServer step. 

      
       kerberos.initializeServer(`HTTPS@blueberries.example.org:358`, (err, server) => {
                      if (err) {
                              next(err);
                              console.error("initServer failed", err);
                              return;
                      }
      
                      const match = /^Negotiate (.+)$/.exec(req.get("authorization") || "");
                      if (!match) {
                              console.log("hello");
                              console.log("contextComplete", server.contextComplete);
                              console.log("targetName", server.targetName);
                              console.log("response", server.response);
                              res.status(401);
                              res.set("WWW-Authenticate", "Negotiate");
                              res.end();
                              return;
                      }
      
      Sep 16 11:34:09 blueberries.example.org node[16654]: initServer failed [Error: Unspecified GSS failure.  Minor code may provide more information: No key table entry found matching HTTPS/blueberries.example.org:358/example.org@]

      When I look at my ketab using kinit the principal name is

      HTTPS/blueberries.example.org:358/example.org@example.org.

      I don't understand how the initializeServer finds the realm name. Perhaps my server config are incomplete or is there a way to set the realm in the kerberos.js lib?

            Assignee:
            kaitlin.mahar@mongodb.com Kaitlin Mahar
            Reporter:
            grandeyl@gmail.com Y.Leonce Eyog
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: