[Freeipa-devel] [PATCH] 1024 add client session support

Rob Crittenden rcritten at redhat.com
Fri Jun 8 02:55:51 UTC 2012


Rob Crittenden wrote:
> Rob Crittenden wrote:
>> This adds client session support. The session key is stored in the
>> kernel key ring.
>>
>> Your first request should go to /ipa/session/xml where it should be
>> rejected with a 401. The next will go to /ipa/xml which will be
>> accepted. This should all be invisible to the client.
>>
>> Subsequent requests should go to /ipa/session/xml which should let you
>> in with the cookie.
>>
>> You can add the -vv option after ipa to see fully what is going on, e.g.
>> ipa -vv user-show admin
>>
>> To manage your keyring use the keyctl command like:
>>
>> $ keyctl list @s
>> 2 keys in keyring:
>> 353548226: --alswrv 1000 -1 keyring: _uid.1000
>> 941350591: --alswrv 1000 1000 user: ipa_session_cookie
>>
>> To remove a key:
>>
>> $ keyctl unlink 941350591 @s
>>
>> rob
>
> Hmm, this doesn't play too nice with the lite-server. Let me see if I
> can track it down. The ccache is being removed, probably as part of the
> session code. Sessions don't make sense with the lite server since it
> uses the local ccache directly.

Updated patch. Don't clean up the ccache if in the lite-server.

rob


-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1024-2-session.patch
Type: text/x-diff
Size: 27515 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120607/83f11715/attachment.bin>
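
The request flow described in the quoted message, as an added example that is not part of the original post or of the FreeIPA patch. It is an in-memory model: Keyring, FakeServer and call() are hypothetical names, the keyring is a dict standing in for the kernel session keyring, and dropping a stale cookie on a 401 is an assumption.

```python
# Added illustration: in-memory model of the client flow described in the thread.
# Keyring, FakeServer and call() are hypothetical names, not FreeIPA code.
import secrets

SESSION_URL = "/ipa/session/xml"   # cookie-authenticated endpoint (from the post)
KERBEROS_URL = "/ipa/xml"          # Kerberos-authenticated endpoint (from the post)
KEY_NAME = "ipa_session_cookie"    # key description shown in the keyctl listing


class Keyring:
    """Stand-in for the kernel session keyring (@s); a dict here."""
    def __init__(self):
        self._keys = {}
    def read(self, name):
        return self._keys.get(name)
    def update(self, name, value):
        self._keys[name] = value
    def unlink(self, name):
        self._keys.pop(name, None)


class FakeServer:
    """Constructed server: issues a cookie after a Kerberos-authenticated call."""
    def __init__(self):
        self.sessions = set()
    def request(self, url, cookie=None, has_ticket=False):
        if url == SESSION_URL:
            return (200, None) if cookie in self.sessions else (401, None)
        if url == KERBEROS_URL and has_ticket:
            new_cookie = secrets.token_hex(16)
            self.sessions.add(new_cookie)
            return 200, new_cookie
        return 401, None


def call(server, keyring, has_ticket=True):
    """Return the list of (url, status) pairs one client command produces."""
    trace = []
    status, _ = server.request(SESSION_URL, cookie=keyring.read(KEY_NAME))
    trace.append((SESSION_URL, status))
    if status == 401:
        keyring.unlink(KEY_NAME)               # assumption: drop a missing or stale cookie
        status, cookie = server.request(KERBEROS_URL, has_ticket=has_ticket)
        trace.append((KERBEROS_URL, status))
        if status == 200 and cookie:
            keyring.update(KEY_NAME, cookie)   # reused by the next command
    return trace
```

The cookie held in the keyring is a bearer credential for the session endpoint, so anything that can read that key can reuse the session until the server expires it.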

