[Freeipa-users] ipa-getkeytab during %post

Dale Macartney dale at themacartneyclan.com
Wed Feb 8 11:33:44 UTC 2012


Thanks Christian

I was thinking the same, to be honest.

The issue with having a password in a kickstart is obviously that
someone can read it in clear text. Here I would see the need to use a
specific role account with limited ability, but the issue remains the
same... it's a clear text password and has the ability to read IPA data.

I was pondering the idea of fetching a keytab file; however, as the
system has not yet registered itself into IPA, there is no host data
available to be exported to a key.

Has anyone performed this kind of task in an environment of their own so
far?

Dale



On 02/08/2012 09:28 AM, Christian Horn wrote:
> On Wed, Feb 08, 2012 at 11:13:36AM +0000, Dale Macartney wrote:
>>
>> I'm dabbling with automated provisioning of IPA client servers, and I'm
>> a little perplexed on how to add a keytab to a system during the %post
>> section of a kickstart...
>>
>> I've run ipa-client-install -U -p admin -w redhat123, which works
>> perfectly, but in order to run ipa-getkeytab I need a TGT, which doesn't
>> appear to be generated during the ipa-client-install.
>>
>> Any suggestions on doing this during a post?
>
> The password does not look nice here, though.
>
> echo 'redhat123' | kinit admin --
>
> One might also be able to fetch the ticket as a file and deploy
> it on the system for usage.
>
> Christian