-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all
I'm open to hear some opinions and thoughts on what the best way to auto-provision service principles in an environment with a 100% autonomous build process.. Lets say for example, I wanted to provision a mail server and configure dovecot SSO in the same process. Obviously something like this would be terrible in a production environment as having this in the %post of a kickstart gives away the admin password %post echo redhat123 | kinit admin -- ipa service-add imap/$(hostname) ipa-getkeytab -s ds01.example.com -p imap/$(hostname) -k /etc/dovecot/krb5.keytab Is there are more secure way to perform such a task via kickstart or other provisioning method? Thanks all Dale -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRPaOtAAoJEAJsWS61tB+qzXQQAJr7M1CR+P0lLsxy7gM3/twG FJNCyPdaOgMwVP83R2i2X3WlnNI2nCAF3b+ANBm4SBhseA1Xmidn1+CUltDw20/w wO+NzNBdMYVyQXVr0LziBZPWcdScHuJWp1fAC2DPKI5DmKeWdNf5nmWfBgiRKb6X Xdo2cRbLmxkbqbJvTdVGTOz8LujGuiTHsHXPertB3QKob7tvkZDoSBGI3ZoYckFO dgg7lqaMBeaflOb/uuxV4evjmLIrI48jfKPAVXlp7m8jw47aNgFRxPn0YJxrQXAF 9uV/Y61jVsI5HqW9ofcLeYdKFfWCx1VZwQqpqZRv0Ge0X7npnbMomcTOpSli8Moz 4GVbRLa9YcuXX2AYCJ6F6SpL7M77ogw7CyxgQNGu3LAnGDs8EkN7iwreGrvVF0p3 xx0w9WD0PXLMPpaQxTDba1hO+Lxa/rtAhTHw5/J4qk1sjPjEP4SI/ZlbXeESaEPK XN1WVYV9pbm2j1KRYMM6WsSCWigNg7PMrk7otPiZZQK3XexQzVpsOawfaDcWQoUH YCCb/fBdKHr57wzv93nV4LYhI/vnM/9CV4tI82Vrv3rlQJa0TJJeZKdNvWyKW2WA ldIFpA+Tf3TSBVa+i2fnD8Rp0flWRg7HcX+uMYrmh36qTXvdgF5dlxtRMnmpToQl MBoHhPn6fuGVVdVsNSS/ =0ONW -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users