adaltas/node-krb5

Getting Access Denied

alefbt opened this issue · 1 comments

i need quick access to get tokens, when i accessing multiple times from this code:

var krb5 = require('krb5');
var debug = require('debug')('dbg');

var config = {
  target:'http://localhost:3003',
  principal: 'valid@EXAMPLE.COM',
  keytab: '/etc/krb5.keytab',
  service_principal: 'HTTP@localhost',
}

var k = krb5({
  principal: config.principal,
  keytab: config.keytab,
  service_principal: config.service_principal,
  renew: true
});

k.kinit(function(err) {
  if(err)
    return debug("ERR KiNIT",err);

  k.token(function(err, token) {
    if(err)
      return debug("ERR token",err);
    //proxyEmitter.emit('proxy.spengo.token',token);
    return console.log("WWWW",token);
  });
});

So i getting randomly "Permission denied" (even i run this code in root, also installed with sudo npm -g etc...):

[user@host folder]$ DEBUG=* node index.js 
WWWW YIICZA.........etc.....deyGPUA==
[user@host folder]$ DEBUG=* node index.js 
  RestProxy:proxy ERR KiNIT Error: Permission denied
    at Error (native) +0ms
[user@host folder]$ DEBUG=* node index.js 
  RestProxy:proxy ERR KiNIT Error: Permission denied
    at Error (native) +0ms
[user@host folder]$ DEBUG=* node index.js 
WWWW YIICZQYGKwYBBQUCoII........etc...... JylPg=
[user@host folder]$ DEBUG=* node index.js 
WWWW YIICewYGKwYBBQUCoIICbzCCAmugDT.........etc.........2TpjP7QWEAybd
[user@host folder]$ DEBUG=* node index.js 
WWWW YIICZQYGKwYBBQUCo............etc.......KBvX2kXRMDQFQ=
[user@host folder]$ DEBUG=* node index.js 
  RestProxy:proxy ERR KiNIT Error: Permission denied
    at Error (native) +0ms

Have idea?

Old issue but replying if someone gets there.

Your REST proxy could be detecting identical or out of sequence request and refusing them. GSSAPI provides the flag GSS_C_REPLAY_FLAG and GSS_C_SEQUENCE_FLAG to control that parameter. More information on those mechanisms here.
Looking at the logs of the REST server is the way to go.