[Freeipa-users] Adding hosts

Sigbjorn Lie sigbjorn at nixtra.com
Mon Nov 21 22:22:37 UTC 2011


On 11/21/2011 10:52 PM, Rob Crittenden wrote:
> Sigbjorn Lie wrote:
>> On 11/21/2011 10:21 PM, Rob Crittenden wrote:
>>> Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> I want to integrate a kickstart tool written in PHP to add hosts to an
>>>> IPA server.
>>>>
>>>> I found the IpaApi, but there does not seem to be a host_add function:
>>>> http://freeipa.org/page/IpaApi
>>>>
>>>> What would be the best way to do this?
>>>
>>> Sorry, we missed this page when we sought out all the v1 pages a
>>> while back.
>>>
>>> Pretty much all functions now have the same format. The first argument
>>> is an array of positional arguments. The second is a struct
>>> representing the options.
>>>
>>> An easy way to see how data is passed to a given command is to pass
>>> -vv to the ipa command:
>>>
>>> $ ipa -vv host-add test.example.com
>>>
>>> This will show the XML-RPC request we make.
>>>
>>> In the case of a host you can probably get away with just positional
>>> arguments, I believe all options are, ahem, optional :-)
>>
>> Right, that wasn't horrible to read...at all... :)
>>
>> How do you suggest doing the authentication towards the XML-RPC
>> instance? If the user is authenticated to the apache server running the
>> kickstart tool using kerberos from IPA, can I re-use these credentials
>> and forward them to the IPA server? Having a pre-req that the kerberos
>> user must have access to add hosts in the IPA instance...
>
> The user's TGT will be in the ccache in KRB5CCNAME in the local 
> environment. You'll need to use that to make requests. I'm not sure of 
> the GSSAPI capabilities of PHP though.
>
> You need to get a service ticket for the HTTP service, then stuff that 
> into an Authorization header when you make a request. It will look like:
>
> Authorization: negotiate <huge base64-blob>
>
> Do a POST to /ipa/xml

Ok, Thanks, I will give it a shot.
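
The request described in this thread, sketched in Python as an added example (not code from the thread or from FreeIPA): it serializes host_add as an array of positional arguments followed by an options struct and prepares the POST to /ipa/xml with the negotiate header. The server name ipa.example.com, the FQDN check and the helper names are assumptions, and the GSSAPI service-ticket token is passed in as bytes rather than obtained here.

```python
import base64
import re
import urllib.request
import xmlrpc.client

# Assumption: hypothetical server name; /ipa/xml is the endpoint named in the thread.
IPA_URL = "https://ipa.example.com/ipa/xml"

# Conservative FQDN check so form input from the kickstart tool cannot carry
# anything but a hostname into the request (added safeguard, not from the thread).
_FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def build_host_add_body(fqdn, options=None):
    """Serialize host_add as [array of positional args, struct of options]."""
    fqdn = fqdn.strip().lower()
    if not _FQDN.match(fqdn):
        raise ValueError("not a valid FQDN: %r" % fqdn)
    params = ([fqdn], dict(options or {}))
    return xmlrpc.client.dumps(params, methodname="host_add").encode("utf-8")


def build_request(body, gss_token):
    """Prepare the POST. gss_token is the raw GSSAPI token for the HTTP service,
    derived from the TGT in the KRB5CCNAME ccache (acquiring it is not shown)."""
    headers = {
        "Content-Type": "text/xml",
        "Authorization": "negotiate " + base64.b64encode(gss_token).decode("ascii"),
    }
    return urllib.request.Request(IPA_URL, data=body, headers=headers, method="POST")


def parse_reply(xml_bytes):
    """Return the single result value; raises xmlrpc.client.Fault on a fault reply."""
    (result,), _ = xmlrpc.client.loads(xml_bytes)
    return result


if __name__ == "__main__":
    # Constructed token bytes; a real one comes from a GSSAPI library.
    req = build_request(build_host_add_body("test.example.com"), b"constructed-token")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Sending the prepared request with urllib.request.urlopen keeps TLS certificate verification on by default, which matters here because the header carries a Kerberos service ticket.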





