John Dennis wrote:
This patch adds support for password based session login (see detailed
comments in patch)

Only the server side is implemented, someone will have to add password
based login to the UI, when they do they should update the unauthorized
messges to include the new method, those message occur in two places.

* in install/html/unauthorized.html
* in the function error_handler() in install/ui/ipa.js:442

Sending the login requires sending the username (not the principal) and
password as application/x-www-form-urlencoded parameters in a GET or
POST request. Note, I only tested GET, but POST should work. Attached is
a curl script I used to test (send_login_password).

There is one other minor issue not included in any previous patches nor
this one, the VERSION file should be updated to force the apache
configuration to be updated.

If one keeps running the script more and more cookies get set each time (it seems to add a new session every other request). I ended up with:

< HTTP/1.1 200 Success
< Date: Sun, 26 Feb 2012 20:36:38 GMT
< Server: Apache/2.2.21 (Fedora)
< Set-Cookie: ipa_session=905b903b164cc8449a1619f610012ad0; httponly; Path=/ipa; secure < Set-Cookie: ipa_session=296d1c815326806be5dc609593950787; httponly; Path=/ipa; secure < Set-Cookie: ipa_session=0a3ddb3e43f093f54acac0568bf2c8af; httponly; Path=/ipa; secure < Set-Cookie: ipa_session=df4b39d4fe659ebfc401ee154c32fd1d; httponly; Path=/ipa; secure < Set-Cookie: ipa_session=10ce26f372355b7ed2d11f34dbce8edf; httponly; Path=/ipa; secure
< Content-Length: 0
< Connection: close
< Content-Type: text/plain; charset=UTF-8
* Closing connection #0

It also looks like some of the sessions only appear from time to time. For example, the next request I did did not contain 905b903b164cc8449a1619f610012ad0 but the one after that did again.


Freeipa-devel mailing list

Reply via email to