[Freeipa-users] scripting ipa commands

JR Aquino JR.Aquino at citrix.com
Thu Mar 6 17:23:23 UTC 2014


If you don't find an answer for doing it -minus- a ticket, here is what I would suggest.

Create a service user whose only role permissions give them the ability to delete users.

Then perform a getkeytab for the user:
ipa-getkeytab -s ipa.example.com -p <user name to export>@EXAMPLE.COM -k /path/to/username.keytab

Then associate the following along with your cron.  I would also recommend a kdestroy -after- the task is run.
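#!/bin/bash

########
# Auto Kinit
########

# klist -s prints nothing and exits non-zero when the cache holds no valid ticket
/usr/kerberos/bin/klist -s
EXITCODE=$?
if [ "$EXITCODE" != "0" ] ; then
        # Clear any stale cache, then get a fresh ticket from the keytab
        /usr/kerberos/bin/kdestroy >> /dev/null 2>&1
        /usr/kerberos/bin/kinit -F username@EXAMPLE.COM -k -t /path/to/username.keytab
fi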


On Mar 6, 2014, at 8:48 AM, KodaK <sakodak at gmail.com> wrote:

> Once again, I'm probably missing something that's well documented.  I promise I searched.
> 
> We have a daily termination list that needs to be enforced at 5:00 PM every day.  I can script it up just fine, but sometimes I like to sneak out early.
> 
> I tried to use "at," but since I'm logged out when the job runs there's no ticket and the ipa commands fail.
> 
> ex:
> 
> echo "sh terminate" | at 5:00 PM Friday
> 
> works if I'm logged in with a ticket ("terminate" contains the ipa command to disable / delete users.)
> 
> Is there some way to automate this?  I can leave a terminal open on a VM as a work-around, but I'd like to be cleaner if I can.
> 
> --Jason

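
The steps suggested in the reply (kinit from the keytab, run the task, kdestroy afterwards) combined into one wrapper, as an added example that is not part of the original message. It assumes kinit and kdestroy are on PATH and a Linux stat; the principal svc-terminate@EXAMPLE.COM and the keytab path are hypothetical placeholders.

```shell
#!/bin/bash
# Added example: run one command with a keytab-derived ticket, then destroy it.
# Assumptions: kinit/kdestroy on PATH, GNU/BusyBox stat, placeholder names.

run_with_keytab() {
    local principal="$1" keytab="$2" mode rc
    shift 2

    # The keytab is a long-lived credential: refuse it if group/other have access.
    mode=$(stat -c '%a' "$keytab") || return 2
    case "$mode" in
        *00) ;;
        *) echo "refusing $keytab: mode $mode is too open" >&2; return 2 ;;
    esac

    # Private credential cache, so the job neither reuses nor leaves behind
    # tickets in the account's default cache.
    KRB5CCNAME="FILE:$(mktemp /tmp/krb5cc_job_XXXXXX)" || return 2
    export KRB5CCNAME

    rc=0
    if kinit -F -k -t "$keytab" "$principal"; then
        "$@" || rc=$?          # the scheduled task, e.g. "sh terminate"
    else
        rc=3                   # no ticket obtained: do not run the task
    fi

    # Always drop the ticket, whether the task succeeded or not.
    kdestroy >/dev/null 2>&1
    rm -f "${KRB5CCNAME#FILE:}"
    unset KRB5CCNAME
    return "$rc"
}

# Usage from cron or at (hypothetical names):
#   wrapper.sh svc-terminate@EXAMPLE.COM /etc/svc-terminate.keytab sh terminate
if [ "$#" -ge 3 ]; then
    run_with_keytab "$@"
fi
```

The function returns the task's own exit status, 2 when the keytab is rejected, and 3 when kinit fails.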