[Freeipa-devel] [PATCH] admiyo-freeipa-0023-user-whoami.patch

Endi Sukma Dewata edewata at redhat.com
Tue Sep 14 16:49:23 UTC 2010 

----- "Adam Young" <ayoung at redhat.com> wrote:

> user whoami
>      Added a whoami option to the user, allows the user to query their
> own information based on their Kerberos principal
> https://fedorahosted.org/freeipa/attachment/ticket/47/admiyo-freeipa-0023-user-whoami.patch
> 
> This will be used to return the users principal and rolegroups.
> 
> Test with :
> 
> curl   -H "Content-Type:application/json"          -H 
> "Accept:applicaton/json" -H "Accept-Language:es"        --negotiate -u
> 
> :          --cacert /etc/ipa/ca.crt           -d  
> '{"method:"user_find","params":[[],{ "all":true,"whoami":"True" } 
> ],"id":0}'          -X POST       http://127.0.0.1:8888/ipa/json
> 
> as well as
> ipa user-find --whoami --all

ACK, but as we discussed there's an existing bug with the whoami operation
which causes it to fetch the wrong principal:

[root at dev scripts]# kdestroy
[root at dev scripts]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[root at dev scripts]# kinit edewata
Password for edewata at DEV.EXAMPLE.COM:
[root at dev scripts]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: edewata at DEV.EXAMPLE.COM

Valid starting     Expires            Service principal
09/14/10 14:42:02  09/15/10 14:41:59  krbtgt/DEV.EXAMPLE.COM at DEV.EXAMPLE.COM
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  Groups: admins
  Rolegroups: replicaadmin
  Taskgroups: managereplica, deletereplica
----------------------------
Number of entries returned 1
----------------------------
[root at dev scripts]# ipa user-find --whoami
--------------
1 user matched
--------------
  User login: edewata
  First name: Endi
  Last name: Dewata
  Home directory: /home/edewata
  Login shell: /bin/sh
  Groups: ipausers
----------------------------
Number of entries returned 1
----------------------------

--
Endi S. Dewata

More information about the Freeipa-devel mailing list