[Freeipa-devel] [PATCH] admiyo-freeipa-0023-user-whoami.patch
Endi Sukma Dewata
edewata at redhat.com
Tue Sep 14 16:49:23 UTC 2010
----- "Adam Young" <ayoung at redhat.com> wrote:
> user whoami
> Added a whoami option to the user, allows the user to query their
> own information based on their Kerberos principal
> https://fedorahosted.org/freeipa/attachment/ticket/47/admiyo-freeipa-0023-user-whoami.patch
>
> This will be used to return the users principal and rolegroups.
>
> Test with :
>
> curl -H "Content-Type:application/json" -H
> "Accept:applicaton/json" -H "Accept-Language:es" --negotiate -u
>
> : --cacert /etc/ipa/ca.crt -d
> '{"method:"user_find","params":[[],{ "all":true,"whoami":"True" }
> ],"id":0}' -X POST http://127.0.0.1:8888/ipa/json
>
> as well as
> ipa user-find --whoami --all
ACK, but as we discussed there's an existing bug with the whoami operation
which causes it to fetch the wrong principal:
[root at dev scripts]# kdestroy
[root at dev scripts]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[root at dev scripts]# kinit edewata
Password for edewata at DEV.EXAMPLE.COM:
[root at dev scripts]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: edewata at DEV.EXAMPLE.COM
Valid starting Expires Service principal
09/14/10 14:42:02 09/15/10 14:41:59 krbtgt/DEV.EXAMPLE.COM at DEV.EXAMPLE.COM
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
Groups: admins
Rolegroups: replicaadmin
Taskgroups: managereplica, deletereplica
----------------------------
Number of entries returned 1
----------------------------
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
User login: edewata
First name: Endi
Last name: Dewata
Home directory: /home/edewata
Login shell: /bin/sh
Groups: ipausers
----------------------------
Number of entries returned 1
----------------------------
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list