Hi,

On Thu, 19 May 2016, at 04:24 PM, 'J Hawkesworth' via Ansible Project wrote:
> Just to say my stuff mentioned above only lets you point at multiple domains
> from one ansible controller, it doesn't let you hit > 1 windows domain from a
> single playbook run.
> It would probably be possible to modify it but right now once it has cached a
> kerberos ticket for a windows host it returns control to ansible.

I do something similar, but in a shell script I use that calls ansible-playbook - not quite as neat as doing it via a callback, but it's in place anyway to set up other bits of the environment.

Roughly, that's -

    KRB5CCNAME=`mktemp`
    export KRB5CCNAME
    kinit -l 2h -k -t /path/to/keytab "$ADPRINC"
    ansible-playbook <options>
    kdestroy

Where $ADPRINC is the kerberos principal name (eg user@DOMAIN) passed into the script. You can add keys for the various principals to the keytab using ktutil.

Using a keytab avoids passing passwords around (and risking them being echoed or logged) and means you don't have to deal with piping them into kinit.

Barney.

--
Barney Sowood
[email protected]
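
A hardened variant of the wrapper sketched in the message above, as an added example that is not part of the original post: it rejects a keytab that group or other can access, and removes the per-run credential cache even when kinit or the playbook fails or the run is interrupted. The function names and the KEYTAB variable are assumptions of this example; ADPRINC is the variable from the message.

```sh
#!/bin/sh
# Added example, not from the original message. KEYTAB and the function
# names below are assumptions of this sketch.

# A keytab holds long-term keys: reject it if group or other have any access.
keytab_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ln -- "$1" | cut -c5-10)" = "------" ]
}

# Destroy the tickets and remove the per-run cache file.
drop_ccache() {
    kdestroy >/dev/null 2>&1 || true
    rm -f -- "$KRB5CCNAME"
    unset KRB5CCNAME
}

# usage: run_with_ticket PRINCIPAL KEYTAB COMMAND [ARGS...]
run_with_ticket() {
    princ=$1 keytab=$2
    shift 2
    keytab_is_private "$keytab" || {
        echo "keytab missing or accessible to group/other: $keytab" >&2
        return 2
    }
    # mktemp creates the cache file with mode 0600, private to this run.
    KRB5CCNAME=$(mktemp) || return 1
    export KRB5CCNAME
    trap 'drop_ccache; exit 130' INT TERM
    rc=0
    kinit -l 2h -k -t "$keytab" "$princ" && "$@" || rc=$?
    trap - INT TERM
    drop_ccache
    return "$rc"
}

# Run only when called with arguments, e.g.:
#   ADPRINC=user@DOMAIN KEYTAB=/path/to/keytab ./wrapper.sh site.yml
[ "$#" -eq 0 ] || run_with_ticket "$ADPRINC" "$KEYTAB" ansible-playbook "$@"
```

Because each invocation gets its own cache file, runs against different principals from the same controller do not share or overwrite each other's tickets.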
