Hi Peter, I'm currently dealing with the same situation, so I'm as well very intersted in out of the box solution, or any suggestions.
Marek On Tuesday, September 25, 2018 at 5:36:56 PM UTC+2, Peter Horvath wrote: > > Hi All, > > I have a setup where both the Ansible command machine itself and all the > managed nodes are running Linux. > They are part of Kerberos realm and I would like to use a directory user > for Ansible SSH connections, authenticated from a Keytab file. > > At the moment I have a solution where a cron job running on the command > machine regularly performs a kinit on behalf of the account used by Ansible > while I specify the following in the inventory file: > > [all:vars] > # enable Kerberos ticket delegation for ssh and scp > ansible_ssh_extra_args=' -K ' > ansible_scp_extra_args=' -o GSSAPIAuthentication=yes ' > > > While this works, I am wondering if there is any better way of doing this. > > > Is my understanding correct that there is no out-of-the-box support for > Ansible to authenticate its SSH sessions from a Kerberos *keytab file*? > Is there any best practice/convention/recommendation for such cases you could > point me to? > > Thanks, > Peter > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5ec33598-967d-4e70-acf3-be791bb1b358%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
