diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2017-03-02 18:03:05 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-03-09 14:10:02 +0100 |
| commit | 381c1c7a8fe63526d21cb65decb75fb5ffda676a (patch) | |
| tree | 30c7356797c1115c18023915ef0ec302f77164d0 /ipaserver/install/server/install.py | |
| parent | 5cb98496aa2e1e190219cf2f4a6208a38fa368d5 (diff) | |
| download | freeipa-381c1c7a8fe63526d21cb65decb75fb5ffda676a.tar.gz freeipa-381c1c7a8fe63526d21cb65decb75fb5ffda676a.tar.xz freeipa-381c1c7a8fe63526d21cb65decb75fb5ffda676a.zip | |
add whoami command
Whoami command allows to query details about currently
authenticated identity. The command returns following information:
* object class name
* function to call to get actual details about the object
* arguments to pass to the function
There are five types of objects that could bind to IPA using their
credentials. `ipa whoami` call expects one of the following:
* users
* staged users
* hosts
* Kerberos services
* ID user override from the default trust view
The latter category of objects is automatically mapped by SASL GSSAPI
mapping rule in 389-ds for users from trusted Active Directory forests.
The command is expected to be used by Web UI to define proper view for
the authenticated identity. It is not visible in the command line
interface is `ipa` command.
Below is an example of how communication looks like for a host
principal:
# kinit -k
# ipa console
(Custom IPA interactive Python console)
>>> api.Command.whoami()
{u'command': u'host_show/1', u'object': u'host', u'arguments': (u'ipa.example.com',)}
>>>
Fixes https://pagure.io/freeipa/issue/6643
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/server/install.py')
0 files changed, 0 insertions, 0 deletions