[Freeipa-users] Scripting reports from ipa?
Rob Crittenden
rcritten at redhat.com
Tue Mar 17 21:09:22 UTC 2015
Watson, Dan wrote:
> Hi all,
>
>
>
> Can anyone tell me how to script calls from the ipa server? I would like
> to be able to do something like “ipa group-show unix_admin” in a script,
> but I don’t know how to pass Kerberos credentials that don’t expire.
I think you want to use credentials in a keytab. Then, before you call
your command, you can run:
$ kinit -kt /path/to/keytab princ at REALM
This can be wasteful because it always gets a new ticket.
Depending on your distro, if you have gss-proxy, it can take care of a
lot of those details for you.
rob
More information about the Freeipa-users
mailing list