Ronald Wimmer wrote:
> On 02.11.22 20:44, Jochen Kellner via FreeIPA-users wrote:
>>
>> Hello Ronald,
>>
>> Ronald Wimmer via FreeIPA-users <[email protected]> writes:
>>
>>> On 02.11.22 18:20, Rob Crittenden via FreeIPA-users wrote:
>>>> Ronald Wimmer via FreeIPA-users wrote:
>>>>> In order to integrate our AIX clients we do have to take two steps
>>>>> manually:
>>>>>
>>>>> 1) Enrolling the host
>>>>> 2) Fetching the keytab file for this particular host
>>>>>
>>>>> A quick search in the WebGUI's API browser revealed a host_add
>>>>> method but I cannot find a method for fetching a keytab file.
>>>>> Did I miss something here?
>>>> There is no IPA API to retrieve a keytab[1]. You should use
>>>> ipa-getkeytab.
>>>
>>> There is no ipa-getkeytab on AIX. So I need to fetch an IPA client's
>>> keytab from LDAP, right?
>>
>> I'd do the following:
>>
>> 1. Enroll the host in freeipa:
>>    ipa host-add aix.example.org --ip-address=192.168.30.x
>> 2. Allow my user to create a keytab:
>>    ipa host-allow-create-keytab aix.example.org --users=jochen
>> 3. get the keytab:
>>    ipa-getkeytab -p host/aix.jochen.org -k aix.keytab
>>    Keytab successfully retrieved and stored in: aix.keytab
>> 4. Transfer the keytab to the AIX host
>
> Thanks Jochen! I am trying to automate these steps. AIX colleagues are a
> separate team and do not have the possibility to use ipa commands on a
> linux machine at the moment.
>
> What I need is a possibility to enroll a host and fetch its keytab
> completely without ipa commands and manual interaction so that the AIX
> guys can do that themselves.

Jochen outlined the recommended way to handle non-Linux OS's. If you
want to do it from AIX then you'll need to build ipa-getkeytab on AIX.

rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
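
Jochen's four steps scripted for a Linux helper host, as an added example that is not part of the original thread. The function names, the `DRY_RUN` switch, the `root` login and the `/etc/krb5/krb5.keytab` destination are assumptions; the `ipa` commands are the ones quoted above, and all host names and addresses are constructed.

```shell
#!/bin/sh
# Added example; host names, addresses, user and paths are constructed.
# Prerequisite (assumption): run on an enrolled Linux IPA client after
# `kinit` as a user who is allowed to add hosts.

# Accept only a plain lowercase FQDN, because the value ends up inside a
# Kerberos principal name, a local file path and an scp target.
valid_fqdn() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# enroll_aix_host FQDN IP OPERATOR [OUTDIR] [REMOTE_KEYTAB]
# The body is a subshell, so the umask and variables do not leak out.
enroll_aix_host() (
    host=$1 ip=$2 operator=$3 outdir=${4:-.}
    remote=${5:-/etc/krb5/krb5.keytab}   # assumed keytab path on AIX
    valid_fqdn "$host" || { echo "invalid host name: $host" >&2; exit 2; }
    keytab="$outdir/$host.keytab"
    umask 077   # the keytab holds the host's long-term keys
    # Steps 1 and 2: create the host entry, let OPERATOR fetch its keytab.
    run ipa host-add "$host" --ip-address="$ip" || exit 1
    run ipa host-allow-create-keytab "$host" --users="$operator" || exit 1
    # Step 3: without -r this generates new keys, so any keytab issued
    # earlier for the same principal stops working.
    run ipa-getkeytab -p "host/$host" -k "$keytab" || exit 1
    # Step 4: copy to the AIX host, then drop the copy on the helper.
    run scp -p "$keytab" "root@$host:$remote" || exit 1
    run rm -f -- "$keytab"
)
```

Calling `DRY_RUN=1 enroll_aix_host aix.example.org 192.0.2.10 jochen /tmp` prints the commands without touching IPA, which is a convenient way to review them before handing the script to another team.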
