update README
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Max Erenberg 2021-08-26 02:26:56 +00:00
parent 46881f7a1f
commit d8e5b1f1d4
2 changed files with 1 additions and 13 deletions

2
.gitignore vendored
View File

@ -2,7 +2,5 @@ __pycache__/
*.pyc
/venv/
.vscode/
/cred
*.o
*.so
/ceo_common/krb5/_krb5.c

View File

@ -94,22 +94,12 @@ curl -V
```
Your should see 'SPNEGO' in the 'Features' section.
The API also uses unconstrained Kerberos delegation when interacting with
the LDAP database. This means that the client obtains a forwarded TGT, then
sends that to ceod, which then uses it to interact with LDAP on the client's
behalf. There is a script called `gen_cred.py` which can generate this
ticket for you.
Here's an example of making a request to an endpoint which writes to LDAP:
```sh
# Get a Kerberos TGT first
kinit
# Obtain a forwarded TGT
./gen_cred.py phosphoric-acid
# Make the request
curl --negotiate -u : --service-name ceod \
-H "X-KRB5-CRED: $(cat cred)" \
curl --negotiate -u : --service-name ceod --delegation always \
-d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
-X POST http://phosphoric-acid:9987/api/members
```