can i tell you about this thing i wrote? it involves ssh and cookies and the setuid and setgid bits.
it’s called snootauth.
it’s a way for sites on snootclub to verify a snootclub user.
it is hosted at
/auth on any snoot site that wants
when you, a user, click the
listen in the browser, it
starts a GET request which makes the server open a
that’s owned by your user in
when you run the ssh command, succeed(1) writes the word
"success" to the socket belonging to your user then
In the http server,
listen’s GET request handler
"success" in the socket and returns,
setting a cookie for you on the snoot subdomain you are on.
and now on the server, there is a file that belongs to the snoot user whose site you are on that contains your token:
it’s also read-writeable by the snootauth program, so it can delete or replace tokens when the user logs out or reauthenticates.
so now the server code for the snoot whose site you are on can check
any cookies it receives against the token in