[Freeipa-users] scripting ipa commands
JR Aquino
JR.Aquino at citrix.com
Thu Mar 6 17:23:23 UTC 2014
If you don't find an answer for doing it -minus- a ticket, here is what I would suggest.
Create a service user whose only role permissions give them the ability to delete users.
Then perform a getkeytab for the user:
ipa-getkeytab -s ipa.example.com -p <user name to export>@EXAMPLE.COM -k /path/to/username.keytab
Then associate the following along with your cron. I would also recommend a kdestroy -after- the task is run.
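#!/bin/bash
#######
# Auto Kinit
########
# klist -s exits non-zero when the cache holds no valid ticket
/usr/kerberos/bin/klist -s
EXITCODE=$?
if [ "$EXITCODE" != "0" ] ; then
    # drop any stale cache, then get a fresh ticket from the keytab
    /usr/kerberos/bin/kdestroy >> /dev/null 2>&1
    /usr/kerberos/bin/kinit -F username@EXAMPLE.COM -k -t /path/to/username.keytab
fi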
On Mar 6, 2014, at 8:48 AM, KodaK <sakodak at gmail.com> wrote:
> Once again, I'm probably missing something that's well documented. I promise I searched.
>
> We have a daily termination list that needs to be enforced at 5:00 PM every day. I can script it up just fine, but sometimes I like to sneak out early.
>
> I tried to use "at," but since I'm logged out when the job runs there's no ticket and the ipa commands fail.
>
> ex:
>
> echo "sh terminate" | at 5:00 PM Friday
>
> works if I'm logged in with a ticket ("terminate" contains the ipa command to disable / delete users.)
>
> Is there some way to automate this? I can leave a terminal open on a VM as a work-around, but I'd like to be cleaner if I can.
>
> --Jason
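
The whole job described in this thread (keytab login, the ipa calls, then kdestroy), as an added example that is not part of the original messages. The principal name, the list-file format (one login per line) and the IPA_ACTION variable are assumptions; the ticket lives in a private per-run cache so the final kdestroy cannot touch anyone else's tickets.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed: principal name, list format.
PRINCIPAL="${PRINCIPAL:-svc-terminate@EXAMPLE.COM}"  # hypothetical service user
KEYTAB="${KEYTAB:-/path/to/username.keytab}"
IPA_ACTION="${IPA_ACTION:-user-disable}"             # or user-del

# A keytab is a long-term secret: accept it only if group/other have no access.
keytab_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Apply IPA_ACTION to every login in list file $1 (one per line, # = comment).
run_terminations() {
    keytab_is_private "$KEYTAB" || { echo "unsafe or missing keytab: $KEYTAB" >&2; return 2; }
    # Private per-run cache: the job never reuses or destroys another ticket.
    cc_dir=$(mktemp -d /tmp/krb5cc_job.XXXXXX) || return 3
    KRB5CCNAME="FILE:$cc_dir/cc"; export KRB5CCNAME
    rc=0
    if kinit -F -k -t "$KEYTAB" "$PRINCIPAL"; then
        while IFS= read -r login; do
            case "$login" in ''|'#'*) continue ;; esac
            # </dev/null keeps ipa from consuming the rest of the list
            ipa "$IPA_ACTION" "$login" </dev/null || { echo "failed: $login" >&2; rc=1; }
        done < "$1"
    else
        echo "kinit failed for $PRINCIPAL" >&2; rc=4
    fi
    # Always drop the ticket and the cache, as recommended above.
    kdestroy >/dev/null 2>&1
    rm -rf "$cc_dir"; unset KRB5CCNAME
    return "$rc"
}

# From cron or at: script.sh /path/to/termination-list
[ "$#" -eq 0 ] || run_terminations "$@"
```

The non-zero return codes (2 keytab check, 3 cache setup, 4 kinit, 1 a failed ipa call) let cron mail or a monitoring wrapper tell an authentication problem from a partly applied list.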