If you don't find an answer for doing it -minus- a ticket, here is what I would suggest.
Create a service user whose only role permissions give them the ability to delete users. Then perform a getkeytab for the user:

    ipa-getkeytab -s ipa.example.com -p <user name to export>@EXAMPLE.COM -k /path/to/username.keytab

Then associate the following along with your cron. I would also recommend a kdestroy -after- the task is run.

    #!/bin/bash
    #######
    # Auto Kinit
    ########
    # klist -s exits non-zero when the cache holds no valid ticket;
    # only then get a fresh one from the keytab.
    /usr/kerberos/bin/klist -s
    EXITCODE=$?
    if [ "$EXITCODE" != "0" ] ; then
        /usr/kerberos/bin/kdestroy >> /dev/null 2>&1
        /usr/kerberos/bin/kinit -F usern...@example.com -k -t /path/to/username.keytab
    fi

On Mar 6, 2014, at 8:48 AM, KodaK <sako...@gmail.com> wrote:

> Once again, I'm probably missing something that's well documented. I promise
> I searched.
>
> We have a daily termination list that needs to be enforced at 5:00 PM every
> day. I can script it up just fine, but sometimes I like to sneak out early.
>
> I tried to use "at," but since I'm logged out when the job runs there's no
> ticket and the ipa commands fail.
>
> ex:
>
> echo "sh terminate" | at 5:00 PM Friday
>
> works if I'm logged in with a ticket ("terminate" contains the ipa command to
> disable / delete users.)
>
> Is there some way to automate this? I can leave a terminal open on a VM as a
> work-around, but I'd like to be cleaner if I can.
>
> --Jason
> _______________________________________________
> Freeipa-users mailing list
> Freeipafirstname.lastname@example.org
> https://www.redhat.com/mailman/listinfo/freeipa-users
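
The keytab-plus-cron approach suggested in the reply above, written out as a single wrapper (an added example, not part of the original thread or of FreeIPA): it checks the keytab's permissions, gets a ticket into a throwaway credential cache, runs the job, and always runs kdestroy afterwards. The principal svc-terminate@EXAMPLE.COM and the function names are assumptions; the keytab path is the placeholder from the message.

```shell
#!/bin/sh
# Added example, not from the original thread. PRINCIPAL is a hypothetical
# service user; KEYTAB reuses the placeholder path from the message above.
PRINCIPAL="${PRINCIPAL:-svc-terminate@EXAMPLE.COM}"
KEYTAB="${KEYTAB:-/path/to/username.keytab}"
KINIT="${KINIT:-kinit}"          # overridable so the wrapper can be tested
KDESTROY="${KDESTROY:-kdestroy}"

# A keytab is a long-lived password equivalent: accept it only if it is a
# regular file readable by its owner alone (GNU stat syntax).
keytab_is_private() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Run "$@" with a ticket in a throwaway credential cache, then destroy the
# ticket whether or not the command succeeded. The body is a subshell, so
# KRB5CCNAME never leaks into the caller and "exit" sets the return status.
run_with_ticket() (
    keytab_is_private "$KEYTAB" || {
        echo "refusing $KEYTAB: missing or not mode 600/400" >&2; exit 3; }
    ccdir=$(mktemp -d) || exit 4     # mktemp -d creates the directory 0700
    export KRB5CCNAME="FILE:$ccdir/cc"
    if "$KINIT" -k -t "$KEYTAB" "$PRINCIPAL"; then
        rc=0; "$@" || rc=$?          # keep the job's own exit status
    else
        echo "kinit failed for $PRINCIPAL" >&2; rc=5
    fi
    "$KDESTROY" >/dev/null 2>&1      # the kdestroy -after- the task
    rm -rf "$ccdir"
    exit "$rc"
)

# From cron or at:  /path/to/this-script sh terminate
if [ "$#" -gt 0 ]; then
    run_with_ticket "$@"
fi
```

Because the ticket lives in its own cache directory, the job does not touch the default cache of whoever owns the crontab.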