Search Mailing List Archives
Script access to webauth'ed server
eagle at windlord.stanford.edu
Mon Apr 9 16:34:41 PDT 2007
Johan van Reijendam <jvanreij at stanford.edu> writes:
> I have some users requesting scripted access to some resources on a
> server which requires authentication through webauth. I would like to
> know what kind of solutions webauth users on this list have come up with
> to allow scripted access to a webauth'ed server.
There's no perfect solution right now for automated access through
WebLogin. All of the possibilities I have at the moment are going to
require some degree of interaction with the weblogin pages.
We have a Perl script that basically exploits knowledge of the form
variables on the weblogin page to log in with a preconfigured username and
password which we've used for testing. I'm a bit leery of recommending
this for any situation other than testing a WebLogin server with a
non-privileged account, though.
A slightly better solution is to use the XML API on the WebKDC to obtain a
single sign-on cookie from a Kerberos ticket, set that in the cookie jar
of the monitoring script, and then access the site. Then interactions
with WebLogin will be restricted to having to "click through" the
I've thought from time to time that it would be nice to have a separate
scriptable interface to WebAuth precisely for doing this sort of thing
that would avoid using the WebLogin interface entirely, but I haven't had
time to design or implement it. All of the components are already there
in the form of the WebKDC XML interface; it's just a matter of figuring
out which can be exposed securely and what the process flow should look
like, and then making available a library that one can use to develop
custom applications that authenticate with WebAuth.
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Unix Systems and Applications, Stanford University
More information about the webauth-info