[Freeipa-devel] [PATCH] 1024 add client session support
Rob Crittenden
rcritten at redhat.com
Thu Jun 7 17:52:43 UTC 2012
This adds client session support. The session key is stored in the
kernel key ring.
Your first request should go to /ipa/session/xml where it should be
rejected with a 401. The next will go to /ipa/xml which will be
accepted. This should all be invisible to the client.
Subsequent requests should go to /ipa/session/xml which should let you
in with the cookie.
You can add the -vv option after ipa to see fully what is going on, e.g.
ipa -vv user-show admin
To manage your keyring use the keyctl command like:
$ keyctl list @s
2 keys in keyring:
353548226: --alswrv 1000 -1 keyring: _uid.1000
941350591: --alswrv 1000 1000 user: ipa_session_cookie
To remove a key:
$ keyctl unlink 941350591 @s
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1024-session.patch
Type: text/x-diff
Size: 27467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120607/0af521f2/attachment.bin>
More information about the Freeipa-devel
mailing list