path: root/INTERACT.md
Diffstat (limited to 'INTERACT.md')
-rw-r--r-- INTERACT.md 49
1 files changed, 49 insertions, 0 deletions
diff --git a/INTERACT.md b/INTERACT.md
new file mode 100644
index 0000000..b3c3914
--- /dev/null
+++ b/INTERACT.md
@@ -0,0 +1,49 @@
+Start server in a separate shell session.
+
+ $ FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
+
+Reset any cookies and kerberos tickets.
+
+ $ kdestroy -A
+ $ rm ~/cookiejar.txt
+
+Try visiting protected page without authorization.
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+ requires session
+
+Get kerberos ticket and then visit login url. This /login redirects to /login/kerberos by default.
+
+ $ kinit ${USER}
+ $ klist
+ Ticket cache: FILE:/tmp/krb5cc_960600001_Hjgmv7lby2
+ Default principal: bgstack15@IPA.EXAMPLE.COM
+
+ Valid starting Expires Service principal
+ 06/20/21 16:04:10 06/21/21 16:04:07 krbtgt/IPA.EXAMPLE.COM@IPA.EXAMPLE.COM
+ 06/20/21 16:04:15 06/21/21 16:04:07 HTTP/d2-03a.ipa.example.com@IPA.EXAMPLE.COM
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/login --negotiate -u ':' -b ~/cookiejar.txt -c ~/cookiejar.txt
+ <meta http-equiv="Refresh" content="1; url=/protected/">success with kerberos
+
+Visit protected page now that we have a session.
+
+ $ cat ~/cookiejar.txt
+ # Netscape HTTP Cookie File
+ # https://curl.se/docs/http-cookies.html
+ # This file was generated by libcurl! Edit at your own risk.
+
+ d2-03a.ipa.example.com FALSE / FALSE 0 user "bgstack15@IPA.EXAMPLE.COM"
+ d2-03a.ipa.example.com FALSE / FALSE 0 type kerberos
+ d2-03a.ipa.example.com FALSE / FALSE 0 timestamp 2021-06-20T20:06:15Z
+ #HttpOnly_d2-03a.ipa.example.com FALSE / FALSE 1624219691 session eyJfcGVybWFuZW50Ijp0cnVlLCJlbmRfdGltZSI6IjIwMjEtMDYtMjBUMjA6MDY6MTVaIiwidXNlciI6ImJnaXJ0b25ASVBBLlNNSVRIMTIyLkNPTSJ9.YM-fsw.ZeI4ec-d7D64IEJ9Ab4RfpXfLt4
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+ <html>
+ <title>View Session Cookie</title>
+ Username: bgstack15@IPA.EXAMPLE.COM<br/>
+ Session expires: 2021-06-20T20:06:15Z<br/>
+ Logged in through: kerberos
+ </html>
+
+2021-06-20 ldap basic auth, and a login form are still pending.
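Review bot: The first command starts the server with `FLASK_DEBUG=1` and `--host 0.0.0.0` together, which puts the Werkzeug interactive debugger on every interface of the host; the walkthrough should either drop `FLASK_DEBUG=1` or bind to the loopback address, and say that this invocation is for a lab machine only. Two further points on the cookiejar listing: the `session` value on the `#HttpOnly_` line is only signed, not encrypted, and its base64 payload decodes to a principal that differs from the sanitized `bgstack15@IPA.EXAMPLE.COM` used everywhere else, so the sample cookie should be regenerated from a sanitized login or replaced with a placeholder. The same listing shows the secure column as `FALSE` for all four cookies and every `curl` call uses `http://`, so the Negotiate exchange and the session cookie travel in clear text; a sentence noting that a real deployment needs TLS and a Secure session cookie would keep readers from copying this setup as is.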
bgstack15