[Freeipa-users] Automated Kickstart Enrollment
Innes, Duncan
Duncan.Innes at virginmoney.com
Tue Sep 3 08:21:37 UTC 2013
Hi folks,
I've got a question about kickstart enrollment with a one-time password.
Namely, is there any way that it can be done *without* the one-time
password. We're comfortable with the pre-creation of the host in IPA,
but just wonder if there's a way to enrol without the one-time password.
The estate is Red Hat (mostly 6) and we deploy systems via kickstart
from the Satellite. Can the Satellite push out a certificate from the
IPA system that would allow client to enrol without the OTP? Our
enrollment script runs as part of the kickstart postinstall with the OTP
effectively sitting in plain text in the script. Removing the OTP would
remove the plain text authentication from this script, but I may be
opening other security holes as a result.
Cheers
Duncan Innes
This message has been checked for viruses and spam by the Virgin Money email scanning system powered by Messagelabs.
This e-mail is intended to be confidential to the recipient. If you receive a copy in error, please inform the sender and then delete this message.
Virgin Money plc - Registered in England and Wales (Company no. 6952311). Registered office - Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL. Virgin Money plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
The following companies also trade as Virgin Money. They are both authorised and regulated by the Financial Conduct Authority, are registered in England and Wales and have their registered office at Discovery House, Whiting Road, Norwich NR4 6EJ: Virgin Money Personal Financial Service Limited (Company no. 3072766) and Virgin Money Unit Trust Managers Limited (Company no. 3000482).
For further details of Virgin Money group companies please visit our website at virginmoney.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130903/98d608b4/attachment.htm>
More information about the Freeipa-users
mailing list