Call Kerberos node library from a React application

Question

I am using NodeJS v18.18.0 to build a client React application that authenticates users via Kerberos. I intend to use node library kerberos (https://www.npmjs.com/package/kerberos). This package is a C++ extension for Node.js. All I need to get is a kerberos ticket to a service identified by its SPN.

However, as I need to call the library from a React application running on a browser, I suppose I firstly need to browserify it. In node, using CommonJS, I use the library calling const reactKerb = require('kerberos'); and it all works fine.

In React with ES6, I need to resort to import.

.

This is what I did:

1. Install kerberos

   npm install kerberos
   

2. Edit file kerbConverter.js with this content:

   const reactKerb = require('kerberos');
   module.exports = reactKerb;
   

3. Install and run browserify

   npm install -g browserify
   browserify kerbConverter.js -o reactKerb.js
   

4. Now I am supposed to have the same library in reactKerb.js, callable from React

   In another module I can do

   import kerberos from 'reactKerb';
   

However, when I run the React application I get these errors

  Line 97:9:   '__non_webpack_require__' is not defined                               no-undef
  Line 175:3:  Expected an assignment or function call and instead saw an expression  no-unused-expressions

complaining about

Line  97  var requireFunc = typeof __webpack_require__ === 'function' ? __non_webpack_require__ : require;
...
line 173     // run the 'prepareStackTrace' function above
line 174       Error.captureStackTrace(dummy);
line 175       dummy.stack;

Is it possible to migrate a node library to another one invocable by React? If the answer is positive and browserify is the right way to do it, how can I solve the errors above? I am new to NodeJs and React and a I lost here. Thanks in advance.

Answer 1

You cannot browserify kerberos in a useful way. Not only does all of its functionality rely on C bindings to system libraries (libgssapi) which cannot be accessed from web, but it all rests on the library having access to the user's cached TGT – which a browser will not provide. Even if you could compile the entire libgssapi to WASM – or even if you found a pure-JS Kerberos im­ple­men­ta­tion – you would still need to supply it with fresh credentials (username and password) and have it obtain a TGT from scratch, which would more or less defeat the point of using Kerberos.

Within a web browser, you can only make Kerberos-authenticated HTTP requests using the existing APIs (XHR/fetch); the browser will automatically determine the HTTP@<domain> SPN, and will add a HTTP header with the token. There is no way to use Kerberos within a browser for non-HTTP protocols.