Diffstat (limited to 'INTERACT.md')
-rw-r--r-- | INTERACT.md | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/INTERACT.md b/INTERACT.md
new file mode 100644
index 0000000..b3c3914
--- /dev/null
+++ b/INTERACT.md
@@ -0,0 +1,49 @@
+Start server in a separate shell session.
+
+ $ FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
+
+Reset any cookies and kerberos tickets.
+
+ $ kdestroy -A
+ $ rm ~/cookiejar.txt
+
+Try visiting protected page without authorization.
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+ requires session
+
+Get kerberos ticket and then visit login url. This /login redirects to /login/kerberos by default.
+
+ $ kinit ${USER}
+ $ klist
+ Ticket cache: FILE:/tmp/krb5cc_960600001_Hjgmv7lby2
+ Default principal: bgstack15@IPA.EXAMPLE.COM
+
+ Valid starting Expires Service principal
+ 06/20/21 16:04:10 06/21/21 16:04:07 krbtgt/IPA.EXAMPLE.COM@IPA.EXAMPLE.COM
+ 06/20/21 16:04:15 06/21/21 16:04:07 HTTP/d2-03a.ipa.example.com@IPA.EXAMPLE.COM
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/login --negotiate -u ':' -b ~/cookiejar.txt -c ~/cookiejar.txt
+ <meta http-equiv="Refresh" content="1; url=/protected/">success with kerberos
+
+Visit protected page now that we have a session.
+
+ $ cat ~/cookiejar.txt
+ # Netscape HTTP Cookie File
+ # https://curl.se/docs/http-cookies.html
+ # This file was generated by libcurl! Edit at your own risk.
+
+ d2-03a.ipa.example.com FALSE / FALSE 0 user "bgstack15@IPA.EXAMPLE.COM"
+ d2-03a.ipa.example.com FALSE / FALSE 0 type kerberos
+ d2-03a.ipa.example.com FALSE / FALSE 0 timestamp 2021-06-20T20:06:15Z
+ #HttpOnly_d2-03a.ipa.example.com FALSE / FALSE 1624219691 session eyJfcGVybWFuZW50Ijp0cnVlLCJlbmRfdGltZSI6IjIwMjEtMDYtMjBUMjA6MDY6MTVaIiwidXNlciI6ImJnaXJ0b25ASVBBLlNNSVRIMTIyLkNPTSJ9.YM-fsw.ZeI4ec-d7D64IEJ9Ab4RfpXfLt4
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+ <html>
+ <title>View Session Cookie</title>
+ Username: bgstack15@IPA.EXAMPLE.COM<br/>
+ Session expires: 2021-06-20T20:06:15Z<br/>
+ Logged in through: kerberos
+ </html>
+
+2021-06-20 ldap basic auth, and a login form are still pending. |
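Review bot: The server start command at the top of the walkthrough combines `FLASK_DEBUG=1` with `--host 0.0.0.0`, which serves the Werkzeug interactive debugger on every interface, and a reader copying the line onto a shared network would expose a code-execution surface. I would either bind to the lab address only or add a line right after the command such as `Debug mode is for an isolated lab only; drop FLASK_DEBUG=1 before the port is reachable by others.` The cookie jar listing also shows the Kerberos-derived session travelling over plain `http://` and prints a complete signed `session` value whose payload is only base64-encoded, so I would replace it with a placeholder like `<session-cookie-value>` and note that TLS is needed outside the lab. The `user`, `type` and `timestamp` cookies appear in the jar without the `#HttpOnly_` prefix; if the application only uses them for display, the document should say so, so they are not mistaken for the authenticated state.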