Ronald Wimmer via FreeIPA-users <[email protected]> writes:
>> Jochen already provided you the required commands. They can be >> automated >> easily. > > I was still thinking about how to do that from the AIX side. I'm > sorry... Obviously I could need more coffee. ;-) A lot of what can be done depends on what you use as AIX automation. If you still use shell scripts - ssh to a linux host is your most likely solution. If you use something like ansible, you might want to check "delegate_to" in the ansible documentation. In the unlikely event you use SALT, have a look at orchestration. For other tool I declare total ignorance. There are lots and lots of possible solutions. Just a hint how you might handle authentication for IPA commands: Add a user to IPA that has the role "Enrollment Administrator". Get a keytab for that user and store it at a save place on your IPA client. You should be able to run "ipa" and other commands with and not giving name/password on the command line: env KRB5_CLIENT_KTNAME=/path/to/key.tab ipa ... (you might need to install urllib-gssapi or python3-urllib-gssapi) That would still need some experimenting, but I'm sure it will work in the end. Remember that the AIX host and freeipa need to agree what's the last kvno is - That might be a problem while experimenting. Jochen -- This space is intentionally left blank. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
