
Kerberos via javascript or HTML 5

I have been tasked with setting up a server which uses a web-based control interface using Kerberos and Active Directory for authentication. I am using twisted.web as the web server. The issue is that I do not want user passwords coming through this server, but I don't know if it is possible for Firefox and Chrome to get access keys from the Kerberos key server. Specifically, it must work with Firefox; other browsers would be a bonus. Is there a JavaScript library, possibly using HTML5 or a Firefox plugin, that allows for authentication to an untrusted server using Kerberos? A Flash application might also be possible.

Perkins asked Jan 20 '12 23:01



1 Answer

Maybe you could throw a reverse proxy in front of Twisted and use HTTP auth from the web app and delegate authentication itself to Kerberos via an Apache or nginx module.

While the proxy will receive the password, the Twisted server won't, in line with your use case. Requests would be intercepted by the proxy and delegated to your back end (proxy_pass) following a successful authentication.

This way your solution would work independently from any HTTP client/web browser.

pdeschen answered Sep 23 '22 01:09
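A sketch of the reverse-proxy layout this answer describes, as an added example that is not part of the original answer: Apache with mod_auth_kerb in front of twisted.web. The host name, realm, certificate and keytab paths, header name and back-end port are placeholders; turning on Negotiate and turning off the password fallback is a variant in which neither the proxy nor Twisted sees the password.

```apache
# Added example; every name, path and port below is a placeholder.
# Needs mod_auth_kerb, mod_ssl, mod_headers, mod_proxy and mod_proxy_http.
<VirtualHost *:443>
    ServerName control.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/control.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/control.example.com.key

    <Location />
        AuthType Kerberos
        AuthName "Control interface"
        KrbAuthRealms EXAMPLE.COM
        KrbServiceName HTTP
        # Keytab holding HTTP/control.example.com@EXAMPLE.COM,
        # readable only by the Apache user.
        Krb5Keytab /etc/apache2/http.keytab

        # SPNEGO: the browser presents a service ticket, not a password.
        KrbMethodNegotiate on
        # "on" would enable the Basic-auth fallback the answer describes,
        # where the proxy receives the password and checks it with the KDC.
        KrbMethodK5Passwd off

        Require valid-user

        # "set" overwrites any X-Remote-User value sent by the client, so the
        # back end only ever sees the principal that Apache authenticated.
        RequestHeader set X-Remote-User expr=%{REMOTE_USER}
    </Location>

    # twisted.web should listen on 127.0.0.1 only; otherwise anyone who can
    # reach it directly can forge the identity header.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Firefox only sends Negotiate tokens to hosts listed in its `network.negotiate-auth.trusted-uris` preference, so the proxy's host name has to be added there on each client.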