update README
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
46881f7a1f
commit
d8e5b1f1d4
|
@ -2,7 +2,5 @@ __pycache__/
|
|||
*.pyc
|
||||
/venv/
|
||||
.vscode/
|
||||
/cred
|
||||
*.o
|
||||
*.so
|
||||
/ceo_common/krb5/_krb5.c
|
||||
|
|
12
README.md
12
README.md
|
@ -94,22 +94,12 @@ curl -V
|
|||
```
|
||||
Your should see 'SPNEGO' in the 'Features' section.
|
||||
|
||||
The API also uses unconstrained Kerberos delegation when interacting with
|
||||
the LDAP database. This means that the client obtains a forwarded TGT, then
|
||||
sends that to ceod, which then uses it to interact with LDAP on the client's
|
||||
behalf. There is a script called `gen_cred.py` which can generate this
|
||||
ticket for you.
|
||||
|
||||
|
||||
Here's an example of making a request to an endpoint which writes to LDAP:
|
||||
```sh
|
||||
# Get a Kerberos TGT first
|
||||
kinit
|
||||
# Obtain a forwarded TGT
|
||||
./gen_cred.py phosphoric-acid
|
||||
# Make the request
|
||||
curl --negotiate -u : --service-name ceod \
|
||||
-H "X-KRB5-CRED: $(cat cred)" \
|
||||
curl --negotiate -u : --service-name ceod --delegation always \
|
||||
-d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
|
||||
-X POST http://phosphoric-acid:9987/api/members
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue