public
/
pyceo
27
1
Fork 3
Code Issues 25 Pull Requests 5 Projects Releases 1 Wiki Activity

update README
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Max Erenberg 2021-08-26 02:26:56 +00:00
parent 46881f7a1f
commit d8e5b1f1d4
2 changed files with 1 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -2,7 +2,5 @@ __pycache__/
*.pyc *.pyc
/venv/ /venv/
.vscode/ .vscode/
/cred
*.o *.o
*.so *.so
/ceo_common/krb5/_krb5.c

12
README.md
View File

@ -94,22 +94,12 @@ curl -V
``` ```
Your should see 'SPNEGO' in the 'Features' section. Your should see 'SPNEGO' in the 'Features' section.
The API also uses unconstrained Kerberos delegation when interacting with
the LDAP database. This means that the client obtains a forwarded TGT, then
sends that to ceod, which then uses it to interact with LDAP on the client's
behalf. There is a script called `gen_cred.py` which can generate this
ticket for you.
Here's an example of making a request to an endpoint which writes to LDAP: Here's an example of making a request to an endpoint which writes to LDAP:
```sh ```sh
# Get a Kerberos TGT first # Get a Kerberos TGT first
kinit kinit
# Obtain a forwarded TGT
./gen_cred.py phosphoric-acid
# Make the request # Make the request
curl --negotiate -u : --service-name ceod \ curl --negotiate -u : --service-name ceod --delegation always \
-H "X-KRB5-CRED: $(cat cred)" \
-d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \ -d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
-X POST http://phosphoric-acid:9987/api/members -X POST http://phosphoric-acid:9987/api/members
``` ```