To automate access to the CUD REST interface a tool is required that will allow authentication using the GSS Negotiate
protocol with a Kerberos service principal keytab. The following tools offer this functionality and have been successfully tested to work with the CUD REST interface.
However, these tools are not the only way to access the CUD REST interface, there is no reason why programmatic solutions should not be developed if you have a requirement to.
The curl tool may be used as long as it has been compiled with GSS-Negotiate and SSL support. Compiling with GSS-Negotiate support is dependent upon the availability of particular Kerberos libraries. The MacOS and linux operating systems are examples for which curl has been packaged with built-in GSS-Negotiate support, while curl built for the Windows OS may not have been.
To verify whether your version of curl has support for SSL and GSS-Negotiate, invoke curl with the '--version' option, as in the following example:
$ curl --version
curl 7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/188.8.131.52 libidn/1.15 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
If you see "GSS-Negotiate" and "SSL" in the third line of the output ("Features") you can use curl for this.
If the "GSS-Negotiate" (Negotiate authentication) feature is missing you can alternatively use the java-based command-line tool.
3.2. NegotiateRestClient.jar (supplied on request)
To use this tool you must have installed the prerequisite Java SE (Standard Edition) Runtim Environment (JRE). This is available as a free download from http://java.oracle.com . Alternatively an equivalent OpenJDK edition can be installed if it is available for your OS platform. The minimum required Java Runtime Environment (JRE) version is Java 7.
When the JRE is installed the tool can be invoked as follows:
$ java -jar NegotiateRestClient.jar
If a JRE is successfully installed, the output should include an error message, and a usage message
resembling the following:
usage: java -jar NegotiateRestClient.jar [options]
-c,--config <arg> use specified login configuration file
-D,--debug enables extra debug output, use when verbose
error reporting is required
-d,--data <arg> sends the specified data in a GET request to the
HTTP server (required if -f/--upload-file not
provided). The data will be appended to the URL
with a '?' separator.
-f,--upload-file <arg> streams data from a file and sends the data in a
POST request to the HTTP server as part of a
multipart/formdata request suitable for large
files (overrides -d/--data and -f/--file-data)
-h,--help display this message - all other options are
ignored if this option is specified
-k,--krb5-conf use specified krb5.conf file
-o,--output-file <arg> output file. If ommitted the output will be send
to the console.
-u,--url <arg> the target URL
Up: Contents Previous: 2. Parameters Next: 4. Requesting Access