Kerberos via JavaScript or HTML 5

Time: 2021-07-13 20:57:06

I have been tasked with setting up a server which uses a web-based control interface using Kerberos and Active Directory for authentication. I am using twisted.web as the web server. The issue is that I do not want user passwords coming through this server, but I don't know if it is possible for Firefox and Chrome to get access keys from the Kerberos key server. Specifically, it must work with Firefox; other browsers would be a bonus. Is there a JavaScript library, possibly using HTML5 or a Firefox plugin, that allows for authentication to an untrusted server using Kerberos? A Flash application might also be possible.

1 solution

#1


1  

Maybe you could throw a reverse proxy in front of Twisted and use HTTP auth from the web app and delegate authentication itself to Kerberos via an Apache or nginx module.

While the proxy will receive the password, the Twisted server won't, in line with your use case. Requests would be intercepted by the proxy and delegated to your back end (proxy_pass) following a successful authentication.

This way your solution would work independently from any HTTP client/web browser.
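
A sketch of the proxy arrangement described in the answer, added here as an example and not part of the original answer. It assumes nginx built with the third-party spnego-http-auth-nginx-module (the answer names no specific module); the host name, realm, file paths, header name and backend port are placeholders.

```nginx
# Added example: Kerberos-authenticating reverse proxy in front of twisted.web.
# All names, paths and ports below are placeholders.
server {
    listen 443 ssl;
    server_name control.example.com;
    ssl_certificate     /etc/nginx/tls/control.crt;
    ssl_certificate_key /etc/nginx/tls/control.key;

    location / {
        auth_gss on;
        auth_gss_realm EXAMPLE.COM;              # the Active Directory realm
        auth_gss_keytab /etc/nginx/http.keytab;  # keytab holding the HTTP/<host> service key

        # Weak setting:   auth_gss_allow_basic_fallback on;
        #   The browser may answer with HTTP Basic, so the proxy sees the
        #   password and checks it against the KDC itself.
        # Stricter setting, used here: only Negotiate (SPNEGO) is accepted,
        #   so the browser sends a Kerberos service ticket and no password
        #   reaches the proxy or the backend.
        auth_gss_allow_basic_fallback off;

        # Replace any client-supplied X-Remote-User with the authenticated
        # principal, so the backend cannot be handed a spoofed identity.
        proxy_set_header X-Remote-User $remote_user;

        # An empty value stops nginx forwarding the header: the backend
        # never receives the ticket (or, with fallback on, the password).
        proxy_set_header Authorization "";

        # twisted.web should listen on loopback only, so this proxy is the
        # only way to reach it.
        proxy_pass http://127.0.0.1:8080;
    }
}
```

With basic fallback off, Firefox only sends a ticket to hosts listed in its `network.negotiate-auth.trusted-uris` preference. The backend should treat `X-Remote-User` as trustworthy only because it is reachable solely through the proxy.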
