Curl WebAPI call to an ssl and kerberos enabled Solr instance

cURL/curl: cURL is a command-line tool for getting or sending data including files using URL syntax. Often useful in a non GUI environment to test web api calls.

Kerberos: A Strong Network Auth protocol used mainly in hadoop cluster to authenticate services and servers  with each other.

Solr : An Open source enterprise search platform 

Case 1 : Authenticate against Kerbeors only , no SSL - Works for http calls only 

If your URL is not ssl enabled but the services are Kerberos Enabled, this is so weak i would recommend enabling SSL for added security

curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt 'http://<webapi_call>'


Case 2 : Allow connections to SSL sites without certs  but authenticate against Kerberos  - Not recommended but can be a good workaround 

If your URL is https style but you don't know the location of CA certificate/pem file, you may use this option as a workaround 

curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -k 'https://<webapi_call>'

Case 3: Verify against SSL peer,Authenticate using Kerberos  - Highly recommended

 This is the recommended approach where it authenticates using Kerberos and also verified SSL using server certificate .

curl --cacert <.pem file> --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt 'https://<webapi_call>'

command options reference

--negotiate   :  Use HTTP Negotiate Authentication (H)

-u : Set server user and password  (but it is ignored in terms of krb )

-b : Cookie string or file to read cookies from (H)

-c : Write cookies to this file after operation (H)

--cacert <file> : CA certificate to verify peer against (SSL)