[Freeipa-users] scripting ipa commands [solved]

KodaK sakodak at gmail.com
Thu Mar 6 18:58:09 UTC 2014


That's pretty much exactly what I was looking for.

Thanks JR.

--Jason


On Thu, Mar 6, 2014 at 11:23 AM, JR Aquino <JR.Aquino at citrix.com> wrote:

> If you don't find an answer for doing it -minus- a ticket, here is what I
> would suggest.
>
> Create a service user whose only role permissions give them the ability to
> delete users.
>
> Then perform a getkeytab for the user:
> ipa-getkeytab -s ipa.example.com -p <user name to export>@EXAMPLE.COM -k /path/to/username.keytab
>
> Then associate the following along with your cron.  I would also recommend
> a kdestroy -after- the task is run.
>
> #!/bin/bash
>
> #######
> # Auto Kinit
> ########
>
> /usr/kerberos/bin/klist -s
> EXITCODE=$?
> if [ $EXITCODE != "0" ] ; then
>         /usr/kerberos/bin/kdestroy >> /dev/null 2>&1
>         /usr/kerberos/bin/kinit -F username@EXAMPLE.COM -k -t /path/to/username.keytab
> fi
>
>
>
> On Mar 6, 2014, at 8:48 AM, KodaK <sakodak at gmail.com> wrote:
>
> Once again, I'm probably missing something that's well documented.  I
> promise I searched.
>
> We have a daily termination list that needs to be enforced at 5:00 PM
> every day.  I can script it up just fine, but sometimes I like to sneak out
> early.
>
> I tried to use "at," but since I'm logged out when the job runs there's no
> ticket and the ipa commands fail.
>
> ex:
>
> echo "sh terminate" | at 5:00 PM Friday
>
> works if I'm logged in with a ticket ("terminate" contains the ipa command
> to disable / delete users.)
>
> Is there some way to automate this?  I can leave a terminal open on a VM
> as a work-around, but I'd like to be cleaner if I can.
>
> --Jason


-- 
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
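
A wrapper for the keytab approach in the quoted reply, written as an added example that is not part of the original thread: it refuses a keytab that other accounts can read, takes the ticket into a private credential cache, and runs kdestroy on every exit path. The function names, the svc-term principal and the use of GNU stat are assumptions.

```shell
#!/bin/bash
# Added example; function names and paths are hypothetical, not from the thread.

# True only for a regular file owned by the caller with no group/other bits
# set (mode 600 or 400), so other local accounts cannot copy the key.
keytab_perms_ok() {
    local kt=$1 mode
    [ -f "$kt" ] && [ -O "$kt" ] || return 1
    mode=$(stat -c '%a' "$kt") || return 1   # GNU stat; assumes a Linux host
    case $mode in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# run_with_ticket PRINCIPAL KEYTAB COMMAND [ARGS...]
# Obtains a ticket in a private credential cache, runs COMMAND, and always
# destroys the cache afterwards. Returns COMMAND's exit status.
run_with_ticket() {
    local principal=$1 keytab=$2 ccdir
    shift 2
    if ! keytab_perms_ok "$keytab"; then
        echo "refusing keytab with unsafe ownership or mode: $keytab" >&2
        return 2
    fi
    ccdir=$(mktemp -d "${TMPDIR:-/tmp}/krb5cc_job.XXXXXX") || return 3
    (
        # Private cache: the job never touches an interactive user's tickets.
        export KRB5CCNAME="FILE:$ccdir/cc"
        # Runs on every exit path, including a failed kinit or command.
        trap 'kdestroy >/dev/null 2>&1; rm -rf "$ccdir"' EXIT
        kinit -F -k -t "$keytab" "$principal" || exit 4
        "$@"
        exit $?
    )
}

# When invoked as a script from cron or at, for example:
#   job.sh svc-term@EXAMPLE.COM /path/to/username.keytab sh terminate
if [ "$#" -ge 3 ]; then
    run_with_ticket "$@"
fi
```

A non-zero status from the wrapped command is passed through, so cron or at can still report a failed termination run.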