Rob Crittenden wrote:
This adds client session support. The session key is stored in the
kernel key ring.

Your first request should go to /ipa/session/xml where it should be
rejected with a 401. The next will go to /ipa/xml which will be
accepted. This should all be invisible to the client.

Subsequent requests should go to /ipa/session/xml which should let you
in with the cookie.

You can add the -vv option after ipa to see fully what is going on, e.g.

    ipa -vv user-show admin

To manage your keyring use the keyctl command like:

    $ keyctl list @s
    2 keys in keyring:
    353548226: --alswrv 1000 -1 keyring: _uid.1000
    941350591: --alswrv 1000 1000 user: ipa_session_cookie

To remove a key:

    $ keyctl unlink 941350591 @s

Hmm, this doesn't play too nice with the lite-server. Let me see if I
can track it down. The ccache is being removed, probably as part of the
session code. Sessions don't make sense with the lite server since it
uses the local ccache directly.
Freeipa-devel mailing list
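
The request sequence described in the message above, modelled as an added Python example; it is not part of the original email and is not FreeIPA code. StubServer, Client, and the dict standing in for the kernel keyring are hypothetical, and the example assumes the cookie is issued by the successful /ipa/xml response.

```python
import secrets

SESSION_PATH, KERBEROS_PATH = "/ipa/session/xml", "/ipa/xml"
KEY_NAME = "ipa_session_cookie"   # key description shown in the keyctl listing

class StubServer:
    """Constructed stand-in for the IPA server; not FreeIPA code."""
    def __init__(self):
        self.sessions = set()

    def handle(self, path, cookie=None, has_ticket=False):
        """Return (status, set_cookie) for one request."""
        if path == SESSION_PATH:
            return (200, None) if cookie in self.sessions else (401, None)
        if path == KERBEROS_PATH and has_ticket:
            new = secrets.token_hex(16)   # assumption: cookie is issued here
            self.sessions.add(new)
            return 200, new
        return 401, None

class Client:
    def __init__(self, server, has_ticket=True):
        self.server, self.has_ticket = server, has_ticket
        self.keyring = {}   # dict standing in for the kernel session keyring
        self.trace = []     # (path, status) pairs, the view `ipa -vv` gives

    def _send(self, path, cookie=None, has_ticket=False):
        status, set_cookie = self.server.handle(path, cookie, has_ticket)
        self.trace.append((path, status))
        return status, set_cookie

    def call(self):
        """One RPC: try the session URL first, fall back to Kerberos on 401."""
        status, _ = self._send(SESSION_PATH, cookie=self.keyring.get(KEY_NAME))
        if status == 200:
            return status
        self.keyring.pop(KEY_NAME, None)   # drop a missing or stale cookie
        status, set_cookie = self._send(KERBEROS_PATH, has_ticket=self.has_ticket)
        if status == 200 and set_cookie:
            self.keyring[KEY_NAME] = set_cookie   # cache for the next call
        return status
```

Deleting the key from the store, as `keyctl unlink` does for the real keyring, or expiring the session on the server side both send the next call back through the 401 and /ipa/xml path.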