Hi All, I have a setup where both the Ansible command machine itself and all the managed nodes are running Linux. They are part of Kerberos realm and I would like to use a directory user for Ansible SSH connections, authenticated from a Keytab file.
At the moment I have a solution where a cron job running on the command machine regularly performs a kinit on behalf of the account used by Ansible while I specify the following in the inventory file: [all:vars] # enable Kerberos ticket delegation for ssh and scp ansible_ssh_extra_args=' -K ' ansible_scp_extra_args=' -o GSSAPIAuthentication=yes ' While this works, I am wondering if there is any better way of doing this. Is my understanding correct that there is no out-of-the-box support for Ansible to authenticate its SSH sessions from a Kerberos *keytab file*? Is there any best practice/convention/recommendation for such cases you could point me to? Thanks, Peter -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d4dff170-4b0c-4058-8261-958e062db841%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
