readme, requirements for kerberos

splunk-soar-connectors · Feb 23, 2024 · 68c4b02 · 68c4b02
1 parent d75bc38
commit 68c4b02
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 1 deletion.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,9 +1,10 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.17
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
+        args: ["-d", "./Dockerfile.wheels"]
 -   repo: https://github.com/Yelp/detect-secrets
     rev: v1.4.0
     hooks:

diff --git a/Dockerfile.wheels b/Dockerfile.wheels
@@ -0,0 +1,2 @@
+FROM quay.io/pypa/manylinux2014_x86_64
+RUN yum install krb5-devel krb5-workstation -y
diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -117,3 +117,27 @@ default, the app will wait for these actions to finish. In the case of starting
 or some other command which you want to start but don't care for the output, then you can check the
 **async** parameter. After the command starts, it will return a **command_id** and **shell_id** ,
 which you can optionally use to retrieve the output of that command at a later time.
+
+### Certificate Authentication
+
+To authenticate using SSL certificates, select `certificate` authentication in asset configuration method and pass following configuration parameters.
+
+* cert_pem_path - A path to signed certificate file that is trusted by the Windows instance, in PEM format
+
+* cert_key_pem_path - A filepath to key used to generate cert_pem file
+
+* ca_trust_path - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
+
+It is recommended that these files be placed under the <PHANTOM_HOME>/etc/ssl/ directory. These files must be readable by the phantom-worker user.
+
+### Kerberos Authentication
+
+To authenticate using Kerberos, select `kerberos` authentication in asset configuration and provide hostname and username used for authorization.
+You'll also need to setup your Phantom VM to support Kerberos:
+
+-  Kerberos packages needs to be installed: `krb5-workstation krb5-libs krb5-auth-dialog`
+-  `/etc/krb5.conf` needs to be properly configured for your realm and kdc
+-  If there is no DNS configuration, `hosts` file will need to have mappings for Windows server under same domain as on Windows server 
+-  `kinit` must be run for principal that will be used to connect to msccm
+-   It should be noted that Kerberos tickets will expire, so it is recommended to use a script to
+    run `kinit` periodically to refresh the ticket for the user, alternatively `keytab` file can be created on server and used on client for connectivity.
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 beautifulsoup4==4.9.1
+pykerberos==1.2.4
 pywinrm==0.4.3
 xmltodict==0.13.0
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		FROM quay.io/pypa/manylinux2014_x86_64
		RUN yum install krb5-devel krb5-workstation -y