[Freeipa-users] ipa-getkeytab during %post

Dale Macartney dale at themacartneyclan.com
Wed Feb 8 14:44:51 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Simo

ipa-client-install is provided by the ipa-client rpm. Details below

Name        : ipa-client
Arch        : x86_64
Version     : 2.1.3
Release     : 9.el6
Size        : 222 k
Repo        : installed


What I am trying to achieve is these two commands in a post...

ipa service-add HTTP/$(hostname)
this definitely requires an authenticated user to add i'm sure


ipa-getkeytab -s ds01.example.com -p HTTP/$(hostname) -k
/etc/squid/krb5.keytab
this one I suspect might be able to be retrieved using the host/
principle from the system after running ipa-client-install.


Does this help paint a picture?


Dale


On 02/08/2012 01:49 PM, Simo Sorce wrote:
> On Wed, 2012-02-08 at 11:13 +0000, Dale Macartney wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> morning all...
>>
>> i'm dabbling with automated provisioning of ipa client servers, and i'm
>> a little perplexed on how to add a keytab to a system during the %post
>> section of a kickstart...
>>
>> i've run ipa-client-install -U -p admin -w redhat123 which works
>> perfect, but in order to run ipa-getkeytab i need a tgt, which doesn't
>> appear to be generated during the ipa-client-install.
>>
>> any suggestions on doing this during a post?
>
> What version of ipa-client-install are you using ?
>
> Newer versions (2.x) should fetch a keytab for your system (needs
> credentials or OTP password.
>
> Simo.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPMopXAAoJEAJsWS61tB+qyg8QAJPJJB8/9sxjKmKaEreRQyRb
NgHUaaY1FRGs7CvtTeSTY177bnVerr8dJGj3nmqMCwlveUEXZS2T8mBWxVpRm/BW
HrNR5i9kEIXL6HiaYfZMCVX1pyaxsStCnZJCiBjDDL5PsIX6FCsuUEYX4BGXyLAU
s212Ugn46vYY4E5d8Cwi6BS0MW6c9a3yoPXAH4A8JCSjIptYXMuBY8YFHiQLLAPi
AID7Q4N3U5FC6B0ahqhL64tAL8EggMkxhJ0Flhz7aWboz14bL7+M+vx3qVxF2W0z
WgaO13ai/lTL/jTy1n3dBVegqdACRTgH/K094+iaq96flhBrfzYiDaeCtj9OgoAV
ntHJksEPuC2X2lc8IRgzWVFa847+GMYl3YdYt0jflCcRAoWnpsaNW5F4HKG9K2Ob
sXEo+/4sSku85Ezu7rJyS5zNn6BfdynxOGfaYqavWK3lyegxpHaIBdxR3YPi9Esm
mrRvN3mkfAaUWboxImOJvZTgv+P/jq7CFlokaTGakeJT2N5/HpQADw1haNLDDvoY
DFfE3EgkmkT04Lcg+tCxouybYYdWdNSLl86maDsxeIHbyrnHQjgZ+Pw2KsMd1BUD
huqromxtFnUoY6DY2cwRFTGFJihkX3/Grai2ojPGFgiNA5H1G1APs5J2i9dafp1x
UftjI6x2lzTqQw/BNqLL
=mInj
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc
Type: application/pgp-keys
Size: 5790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120208/972ba555/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120208/972ba555/attachment.sig>

More information about the Freeipa-users mailing list