Watson, Dan wrote:
> Hi all,
> Can anyone tell me how to script calls from the ipa server? I would like
> to be able to do something like “ipa group-show unix_admin” in a script,
> but I don’t know how to pass Kerberos credentials that don’t expire.

I think you want to use credentials in a keytab. Then, before you call
your command, you can run:

$ kinit -kt /path/to/keytab princ@REALM

This can be wasteful because it always gets a new ticket.

Depending on your distro, if you have gss-proxy, it can take care of a
lot of those details for you.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to