[Freeipa-devel] [PATCH] 1024 add client session support
Rob Crittenden
rcritten at redhat.com
Thu Jun 7 18:58:37 UTC 2012
Rob Crittenden wrote:
> This adds client session support. The session key is stored in the
> kernel key ring.
>
> Your first request should go to /ipa/session/xml where it should be
> rejected with a 401. The next will go to /ipa/xml which will be
> accepted. This should all be invisible to the client.
>
> Subsequent requests should go to /ipa/session/xml which should let you
> in with the cookie.
>
> You can add the -vv option after ipa to see fully what is going on, e.g.
> ipa -vv user-show admin
>
> To manage your keyring use the keyctl command like:
>
> $ keyctl list @s
> 2 keys in keyring:
> 353548226: --alswrv 1000 -1 keyring: _uid.1000
> 941350591: --alswrv 1000 1000 user: ipa_session_cookie
>
> To remove a key:
>
> $ keyctl unlink 941350591 @s
>
> rob
Hmm, this doesn't play too nice with the lite-server. Let me see if I
can track it down. The ccache is being removed, probably as part of the
session code. Sessions don't make sense with the lite server since it
uses the local ccache directly.
rob
More information about the Freeipa-devel
mailing list