update README
continuous-integration/drone/push Build is passing
parent
46881f7a1f
commit
d8e5b1f1d4
|
@ -2,7 +2,5 @@ __pycache__/
|
||||||
*.pyc
|
*.pyc
|
||||||
/venv/
|
/venv/
|
||||||
.vscode/
|
.vscode/
|
||||||
/cred
|
|
||||||
*.o
|
*.o
|
||||||
*.so
|
*.so
|
||||||
/ceo_common/krb5/_krb5.c
|
|
||||||
|
|
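Review bot: Dropping `/cred` from .gitignore means any `cred` file left in a working tree by the old `./gen_cred.py` workflow is no longer ignored, and the README text removed in this same commit says that file holds a forwarded TGT. Either keep the `/cred` entry for now, or confirm that `gen_cred.py` is removed along with it and ask developers to delete leftover `cred` files, so that a broad `git add` cannot commit a live credential. The same question applies to `/ceo_common/krb5/_krb5.c`: if the build still generates that file, it will now show up as untracked.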
12
README.md
12
README.md
|
@ -94,22 +94,12 @@ curl -V
|
||||||
```
|
```
|
||||||
Your should see 'SPNEGO' in the 'Features' section.
|
Your should see 'SPNEGO' in the 'Features' section.
|
||||||
|
|
||||||
The API also uses unconstrained Kerberos delegation when interacting with
|
|
||||||
the LDAP database. This means that the client obtains a forwarded TGT, then
|
|
||||||
sends that to ceod, which then uses it to interact with LDAP on the client's
|
|
||||||
behalf. There is a script called `gen_cred.py` which can generate this
|
|
||||||
ticket for you.
|
|
||||||
|
|
||||||
|
|
||||||
Here's an example of making a request to an endpoint which writes to LDAP:
|
Here's an example of making a request to an endpoint which writes to LDAP:
|
||||||
```sh
|
```sh
|
||||||
# Get a Kerberos TGT first
|
# Get a Kerberos TGT first
|
||||||
kinit
|
kinit
|
||||||
# Obtain a forwarded TGT
|
|
||||||
./gen_cred.py phosphoric-acid
|
|
||||||
# Make the request
|
# Make the request
|
||||||
curl --negotiate -u : --service-name ceod \
|
curl --negotiate -u : --service-name ceod --delegation always \
|
||||||
-H "X-KRB5-CRED: $(cat cred)" \
|
|
||||||
-d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
|
-d '{"uid":"test_1","cn":"Test One","program":"Math","terms":["s2021"]}' \
|
||||||
-X POST http://phosphoric-acid:9987/api/members
|
-X POST http://phosphoric-acid:9987/api/members
|
||||||
```
|
```
|
||||||
|
|
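Review bot: The curl line now passes `--delegation always`, which tells curl to delegate the caller's credentials to ceod unconditionally, yet the paragraph that explained the unconstrained delegation is deleted outright, so the README no longer tells the reader that ceod receives a ticket it can use against LDAP on their behalf. Keep a one-sentence version of that explanation above the example. The `kinit` step also deserves a note that the TGT must be forwardable (`kinit -f`, or `forwardable = true` in krb5.conf), otherwise there is nothing for curl to delegate. Separately, the unchanged context line "Your should see 'SPNEGO'" has a typo ("You should") that is worth fixing while this section is being edited.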