From d8e5b1f1d4ffe9b3fc6b17923ccc76b825ca474d Mon Sep 17 00:00:00 2001
From: Max Erenberg <merenber@csclub.uwaterloo.ca>
Date: Thu, 26 Aug 2021 02:26:56 +0000
Subject: [PATCH] update README

---
 .gitignore |  2 --
 README.md  | 12 +-----------
 2 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/.gitignore b/.gitignore
index b41a4d60a..797afdce9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,5 @@ __pycache__/
 *.pyc
 /venv/
 .vscode/
-/cred
 *.o
 *.so
-/ceo_common/krb5/_krb5.c
diff --git a/README.md b/README.md
index b14eae78f..69883c444 100644
--- a/README.md
+++ b/README.md
@@ -94,22 +94,12 @@ curl -V
 ```
 Your should see 'SPNEGO' in the 'Features' section.
 
-The API also uses unconstrained Kerberos delegation when interacting with
-the LDAP database. This means that the client obtains a forwarded TGT, then
-sends that to ceod, which then uses it to interact with LDAP on the client's
-behalf. There is a script called `gen_cred.py` which can generate this
-ticket for you.
-
-
 Here's an example of making a request to an endpoint which writes to LDAP:
 ```sh
 # Get a Kerberos TGT first
 kinit
-# Obtain a forwarded TGT
-./gen_cred.py phosphoric-acid
 # Make the request
-curl --negotiate -u : --service-name ceod \
-    -H "X-KRB5-CRED: $(cat cred)" \
+curl --negotiate -u : --service-name ceod --delegation always \
     -d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
     -X POST http://phosphoric-acid:9987/api/members
 ```