[Freeipa-users] Discussion: What would be the best way to create service principles via provisioning
Dale Macartney
dale at themacartneyclan.com
Mon Mar 11 09:28:16 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all
I'm open to hear some opinions and thoughts on what the best way to
auto-provision service principles in an environment with a 100%
autonomous build process..
Lets say for example, I wanted to provision a mail server and configure
dovecot SSO in the same process.
Obviously something like this would be terrible in a production
environment as having this in the %post of a kickstart gives away the
admin password
%post
echo redhat123 | kinit admin --
ipa service-add imap/$(hostname)
ipa-getkeytab -s ds01.example.com -p imap/$(hostname) -k
/etc/dovecot/krb5.keytab
Is there are more secure way to perform such a task via kickstart or
other provisioning method?
Thanks all
Dale
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRPaOtAAoJEAJsWS61tB+qzXQQAJr7M1CR+P0lLsxy7gM3/twG
FJNCyPdaOgMwVP83R2i2X3WlnNI2nCAF3b+ANBm4SBhseA1Xmidn1+CUltDw20/w
wO+NzNBdMYVyQXVr0LziBZPWcdScHuJWp1fAC2DPKI5DmKeWdNf5nmWfBgiRKb6X
Xdo2cRbLmxkbqbJvTdVGTOz8LujGuiTHsHXPertB3QKob7tvkZDoSBGI3ZoYckFO
dgg7lqaMBeaflOb/uuxV4evjmLIrI48jfKPAVXlp7m8jw47aNgFRxPn0YJxrQXAF
9uV/Y61jVsI5HqW9ofcLeYdKFfWCx1VZwQqpqZRv0Ge0X7npnbMomcTOpSli8Moz
4GVbRLa9YcuXX2AYCJ6F6SpL7M77ogw7CyxgQNGu3LAnGDs8EkN7iwreGrvVF0p3
xx0w9WD0PXLMPpaQxTDba1hO+Lxa/rtAhTHw5/J4qk1sjPjEP4SI/ZlbXeESaEPK
XN1WVYV9pbm2j1KRYMM6WsSCWigNg7PMrk7otPiZZQK3XexQzVpsOawfaDcWQoUH
YCCb/fBdKHr57wzv93nV4LYhI/vnM/9CV4tI82Vrv3rlQJa0TJJeZKdNvWyKW2WA
ldIFpA+Tf3TSBVa+i2fnD8Rp0flWRg7HcX+uMYrmh36qTXvdgF5dlxtRMnmpToQl
MBoHhPn6fuGVVdVsNSS/
=0ONW
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list