
Remote Administration Daemon Developer's Guide


Updated: April 2020
 
 

RAD Authenticating Local Clients

This section provides an example that shows how to authenticate a local client.

# curl -X POST -c cookie.txt -b cookie.txt \
 --header 'Content-Type:application/json' \
 --data '{"username":"username","password":"password","scheme":"pam","timeout":-1, "preserve":true}' \
 localhost/api/com.oracle.solaris.rad.authentication/1.0/Session/ \
 --unix-socket /system/volatile/rad/radsocket-http

The preceding command establishes a session and generates a token that is sent back to the client in the form of an HTTP cookie.

Set-Cookie: _rad_instance=26368; Path=/api; Max-Age=3600
Set-Cookie: _rad_token=9432a53c-8034-4729-8cac-fb713a56827b; Path=/api;Max-Age=3600

{
        "status": "success",
        "payload": {
                "href": "/api/com.oracle.solaris.rad.authentication/1.0/Session/_rad_reference/2304"
        }
}

As the Set-Cookie implies, to resume a session, a client must present this cookie in the HTTP header as part of each future request. Because the Set-Cookie directive instructs the client to include this cookie in future requests, the session resumes automatically. In this example, invoking the curl command again with the same cookie.txt file and a new request would result in RAD processing the new request as part of the initial session.

For subsequent requests, you would use the token as shown in the following example.

# curl -v -X GET -c cookie.txt -b cookie.txt \
 'localhost/api/com.oracle.solaris.rad.zonemgr/1.0/Zone?_rad_detail' \
 --unix-socket /system/volatile/rad/radsocket-http

The _rad_token cookie contains a string token that is the external representation of the session. If the token needs to be directly accessed, you can obtain the string token by reading the session's token property. This value may be used to later gain access to the session by writing the token to the session's token property.

Only the owner of a session may delete and thus invalidate the session.


Note -  A session token may be used across multiple connections, which allows an authenticated client to make multiple concurrent requests.
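
The following is an added example, not code from the guide: a shell wrapper around the login command above that sends the request body over stdin, so the password does not appear in the curl argument list shown by process listings, and that keeps the cookie jar holding _rad_token readable only by its owner. The function names, the mktemp jar location and the JSON escaping helper are assumptions of this example; the socket path, URL and request fields are the guide's.

```shell
#!/bin/sh
# Added example (not from the guide): hardened wrapper for the RAD local login.
RAD_SOCK=/system/volatile/rad/radsocket-http    # socket path from the guide
RAD_AUTH=localhost/api/com.oracle.solaris.rad.authentication/1.0/Session/

# Escape backslash and double quote so a value is safe inside a JSON string.
# Assumption: credentials contain no control characters.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the login body with the same fields the guide sends.
build_login_json() {  # usage: build_login_json USER PASSWORD
    printf '{"username":"%s","password":"%s","scheme":"pam","timeout":-1,"preserve":true}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Create an empty cookie jar that only its owner can read or write.
new_cookie_jar() {
    ( umask 077 && mktemp "${TMPDIR:-/tmp}/radjar.XXXXXX" )
}

# Succeed only if the jar grants no access to group or others.
jar_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in '------') return 0 ;; *) return 1 ;; esac
}

# Print the _rad_token value from a curl (Netscape-format) cookie jar.
jar_token() {
    awk -F '\t' '$6 == "_rad_token" { print $7 }' "$1"
}

# Log in. The body is piped to curl (--data @-), so the password is never
# placed in curl's argv. The password is read from the terminal without echo.
rad_login() {  # usage: rad_login USER JAR
    jar_is_private "$2" || { echo "refusing shared cookie jar: $2" >&2; return 1; }
    printf 'Password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    build_login_json "$1" "$pw" | curl -sS -X POST -c "$2" -b "$2" \
        --header 'Content-Type:application/json' --data @- \
        --unix-socket "$RAD_SOCK" "$RAD_AUTH"
    rc=$?; unset pw; return $rc
}
```

A typical call sequence is jar=$(new_cookie_jar) followed by rad_login username "$jar"; later requests pass the same jar to curl with -c and -b, as in the guide's second command.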