[Freeipa-users] Discussion: What would be the best way to create service principles via provisioning
Christian Horn
chorn at fluxcoil.net
Mon Mar 11 11:39:12 UTC 2013
Dale Macartney wrote:
>
> On 03/11/2013 11:04 AM, Christian Horn wrote:
> >
> > How about having service-add/ipa-getkeytab done on the server,
> > and having the keytab deployed onto the client system using scp from
> > the server, or via config management?
> That definitely gets around security concerns, however still requires
> some manual intervention... the keytab could be pushed using config
> management, but generating it in the first place still requires work as
> a trusted user.
Yes, but this could be automated.
If you deploy e.g. with cobbler, there were IIRC hooks so one can do
server-side tasks as soon as a system gets added. So the secret could
be embedded in a script there.
Christian
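
The server-side flow discussed in this thread (service-add and ipa-getkeytab run on the server, keytab copied to the client with scp), sketched as a hook script. This is an added example, not part of the original message or of FreeIPA or cobbler. It assumes placeholder values for the realm, IPA server, provisioning principal and its keytab, and a destination path of /etc/SERVICE.keytab; how the provisioning hook passes the system name is left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread): server-side hook that creates a service
# principal, fetches its keytab and pushes it to the newly added client.
# Assumed placeholders: REALM, IPA_SERVER, PROV_PRINC, PROV_KEYTAB and the
# destination path. DRY_RUN=1 (default) prints commands instead of running them.
LC_ALL=C; export LC_ALL
REALM="${REALM:-EXAMPLE.COM}"
IPA_SERVER="${IPA_SERVER:-ipa.example.com}"
PROV_PRINC="${PROV_PRINC:-provisioner@$REALM}"
PROV_KEYTAB="${PROV_KEYTAB:-/etc/provisioner.keytab}"
DRY_RUN="${DRY_RUN:-1}"

# Accept only lowercase FQDNs, so a crafted system name cannot smuggle
# options, whitespace or shell metacharacters into the commands below.
valid_fqdn() {
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# Accept only short alphabetic service names such as HTTP or nfs.
valid_service() {
    case "$1" in ''|*[!A-Za-z]*) return 1 ;; esac
    [ "${#1}" -le 16 ]
}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# provision_service SERVICE FQDN; runs in a subshell so the umask, the ticket
# cache and the temporary files do not leak into the caller.
provision_service() (
    svc="$1"; host="$2"
    valid_service "$svc" || { echo "bad service name" >&2; exit 2; }
    valid_fqdn "$host" || { echo "bad host name" >&2; exit 2; }
    umask 077                         # keytab readable by its owner only
    tmp="$(mktemp -d)" || exit 1
    trap 'rm -rf "$tmp"' EXIT         # never leave the keytab on the server
    KRB5CCNAME="FILE:$tmp/ccache"; export KRB5CCNAME
    run kinit -k -t "$PROV_KEYTAB" "$PROV_PRINC" &&
    run ipa service-add "$svc/$host" &&
    run ipa-getkeytab -s "$IPA_SERVER" -p "$svc/$host@$REALM" -k "$tmp/$svc.keytab" &&
    run scp -p "$tmp/$svc.keytab" "root@$host:/etc/$svc.keytab"
)
```

The provisioning principal should hold only the rights needed to add services and retrieve their keytabs, since whatever credential the hook uses is readable by anyone who can read the hook's files.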