Commit
Showing 1 changed file with 25 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# snootauth | ||
|
||
ssh-based web logins | ||
|
||
|
||
when you click listen in the browser, | ||
it starts a GET request which makes the server open | ||
a unix socket that's owned by your user in `/snoot/auth/socks/your-uid.sock`. | ||
|
||
there is an ssh server running on port 2424, | ||
which has a ForceCommand setting set to a command called `succeed` | ||
that writes the word success to the socket belonging to your user | ||
at which point it immediately exists and says "Thank-you! you can | ||
return to your browser" | ||
|
||
the GET request to listen receives the "success" and returns, | ||
setting a cookie for you on the snoot you are on | ||
|
||
and now there is a file that is only read-writeable | ||
by the snoot whose site the user is trying to log in to | ||
(and the snootauth program, so it can delete or replace them) | ||
|
||
|
||
so in the snoot's site's server, when you receive a cookie, | ||
you can check if it matches the cookie in `/snoots/auth/sessions/{their-name}.{my-name}` |
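
Review bot: the two paths in this README disagree on the root directory: the socket is documented as `/snoot/auth/socks/your-uid.sock`, while the last line puts the session file under `/snoots/auth/sessions/{their-name}.{my-name}`. Use whichever the code uses in both places, since anyone setting up directories and permissions from this document will otherwise build the wrong tree. In the `succeed` paragraph, "immediately exists" should read "immediately exits". The text also leaves gaps that a site author has to fill in before relying on this flow: the paragraph starting "and now there is a file" does not say who writes the session file or what it contains, and nothing describes what happens to the socket and the pending GET if no ssh login ever arrives, or if two listen requests are open for the same uid at once. A sentence on each would help, along with a note that the cookie check in the final paragraph should be a constant-time comparison against the file contents.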