Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Service principle through webauth?

Russ Allbery eagle at
Fri Aug 3 13:53:50 PDT 2007

caseyd1 <caseyd1 at> writes:

> Is there a way to present a service principle to webauth?

Kind of, and you can get a single sign-on cookie through that API, but you
still have to go through the confirmation screen.  I've been meaning to
provide a full API for doing authentication, but I haven't had a chance to
really look at it.

What you need to do right now is use the <webkdcProxyToken> API against
the WebKDC to obtain a proxy token, put it in your local cookie jar, and
then attempt to access the protected site and follow the redirects and the
link on the confirmation page, being sure to accept and handle cookies
properly.  This should work, but I don't have sample code for you.

> I'm working with IHUM to provide a feed of custom info for CourseWork 5
> / Sakai.

> They would like drop these documents in AFS in their WWW area and our
> distributed, pooled background processes pick them up automatically.

> They would rather the documents only be accessed after authentication.

> Other than Basic Auth (which we may drop back to) are there any
> suggestions? IP ranges? (ugh)

Why don't you just use AFS?  Seems silly to add another protocol layer
when AFS is already there, authenticated, and easy to access.  That's what
the distributed file system is for.

Russ Allbery <eagle at>
Technical Lead, ITS Unix Systems and Applications, Stanford University

More information about the webauth-info mailing list