From dbe21e7fc9395f9f30fe3299ce09d59dc8a693e9 Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Sun, 20 Jun 2021 16:12:54 -0400
Subject: initial commit
---
INTERACT.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 INTERACT.md
(limited to 'INTERACT.md')
diff --git a/INTERACT.md b/INTERACT.md
new file mode 100644
index 0000000..b3c3914
--- /dev/null
+++ b/INTERACT.md
@@ -0,0 +1,49 @@
+Start server in a separate shell session.
+
+ $ FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
+
+Reset any cookies and kerberos tickets.
+
+ $ kdestroy -A
+ $ rm ~/cookiejar.txt
+
+Try visiting protected page without authorization.
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+ requires session
+
+Get kerberos ticket and then visit login url. This /login redirects to /login/kerberos by default.
+
+ $ kinit ${USER}
+ $ klist
+ Ticket cache: FILE:/tmp/krb5cc_960600001_Hjgmv7lby2
+ Default principal: bgstack15@IPA.EXAMPLE.COM
+
+ Valid starting Expires Service principal
+ 06/20/21 16:04:10 06/21/21 16:04:07 krbtgt/IPA.EXAMPLE.COM@IPA.EXAMPLE.COM
+ 06/20/21 16:04:15 06/21/21 16:04:07 HTTP/d2-03a.ipa.example.com@IPA.EXAMPLE.COM
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/login --negotiate -u ':' -b ~/cookiejar.txt -c ~/cookiejar.txt
+ success with kerberos
+
+Visit protected page now that we have a session.
+
+ $ cat ~/cookiejar.txt
+ # Netscape HTTP Cookie File
+ # https://curl.se/docs/http-cookies.html
+ # This file was generated by libcurl! Edit at your own risk.
+
+ d2-03a.ipa.example.com FALSE / FALSE 0 user "bgstack15@IPA.EXAMPLE.COM"
+ d2-03a.ipa.example.com FALSE / FALSE 0 type kerberos
+ d2-03a.ipa.example.com FALSE / FALSE 0 timestamp 2021-06-20T20:06:15Z
+ #HttpOnly_d2-03a.ipa.example.com FALSE / FALSE 1624219691 session eyJfcGVybWFuZW50Ijp0cnVlLCJlbmRfdGltZSI6IjIwMjEtMDYtMjBUMjA6MDY6MTVaIiwidXNlciI6ImJnaXJ0b25ASVBBLlNNSVRIMTIyLkNPTSJ9.YM-fsw.ZeI4ec-d7D64IEJ9Ab4RfpXfLt4
+
+ $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt
+
+ View Session Cookie
+ Username: bgstack15@IPA.EXAMPLE.COM
+ Session expires: 2021-06-20T20:06:15Z
+ Logged in through: kerberos
+
+
+2021-06-20 ldap basic auth, and a login form are still pending.
-- cgit