-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Christian
I was thinking the same to be honest.. the issue with having a password in a kickstart is obviously that someone can read it in clear text. here I would see the need to use a specific role account with limited ability, but the issue remains the same... its a clear text password and has the ability to read ipa data. I was pondering the idea of fetching a keytab file, however as the system has not yet registered itself into ipa, there is no host data available to be exported to a key.. has anyone performed this kind of task in an environment of their own so far? Dale On 02/08/2012 09:28 AM, Christian Horn wrote: > On Wed, Feb 08, 2012 at 11:13:36AM +0000, Dale Macartney wrote: >> >> i'm dabbling with automated provisioning of ipa client servers, and i'm >> a little perplexed on how to add a keytab to a system during the %post >> section of a kickstart... >> >> i've run ipa-client-install -U -p admin -w redhat123 which works >> perfect, but in order to run ipa-getkeytab i need a tgt, which doesn't >> appear to be generated during the ipa-client-install. >> >> any suggestions on doing this during a post? > > The password does not look nice here thou.. > > echo 'redhat123' | kinit admin -- > > One might also be able to fetch the ticket as a file and deploy > it on the system for usage. > > Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPMl2QAAoJEAJsWS61tB+qhMgQAJYPwAWUFr7jNzl5C6qVcAPS 1q8dNniu9atPLzQUQQN596S/8Ca9nrUDtf2O0La5B2ULwq2ljZH7XebWlMzcA+ns 1TL9qfg9baDmhioQx1ACX4VvwT/RUxQtcmWCVOkYxSYJQvd4wH8XeXAS9xzyceix ie0S0apWyhP0Z3TWhhmxJqImBUQf/ddymZHhLPJhOzgqepYvWDRzpX5YuJNcLEag WXsEXOmXxfmj3YTOGkFkX4Fj21fXuHEV6LTcpF7v8kFmSNKPGsAAy5SQL6pTuJVt 2rcVYLuwT/75rX4eTnD2JvWdQtOqTLd/wHv7cYDCrpTT5GDgOIit+KppQHi0VTNe leBoFFz83XF6fvUCCZzDkhdkOw+Dqr14LTag3pwiLvSYSbcksMWPFnpNiP26yYmH neR3Y8MRTwoVn5XF6PqYgGSAb2JXDGKV8KJeVMGWuwkkyxPNUuXwLsCxUqQlfn+h KLintABb1YJn9AXCgA2h1U3QJJ8undqETovcVHyoY+OUYfDCD1T+zAgL4ol6P9N9 kqJGUcF7/EM5DzHh0Doglqx9U1MkXcdXFB/OQHIZ+Xc0PLKTsr7HL2bDdxmAbYoX MgNxK63Vrl10+5m1bAi4jSe3t+hhvagAMXtZ4iW/iuvtDAUllp5JBVQ0CMMh2ClA iCMetup5cwqOHcLsG5n6 =4A+9 -----END PGP SIGNATURE-----
0xB5B41FAA.asc
Description: application/pgp-keys
0xB5B41FAA.asc.sig
Description: PGP signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
