What is the best way to distribute a 'user' keytab to distribute
keytabs to allow 'system users' to run scripts with non-interactive
auth? Is it possible to use the ipa-getkeytab feature ( with "-r"
option ) to request a keytab for a user principal? I see support for
HOST and SERVICE keytabs, but nothing specific to user keytabs?
ipa-getkeytab -s ipa_server -p cron_run...@realm.com -k ipa_cron.keytab -r
Actual Results ( tried with tgt for cron_runner or admin ):
[sysadmin@01 ~]$ ipa-getkeytab -s coipa100 -p cron_run...@realm.com
Failed to parse result: Insufficient access rights
My only other option is grab the keytab and copy it around after
initial creation ( understanding that each keytab requests bumps the
KVNO ). My goal is to make password-less authentication for automated
processes as easy as possible to setup....ipa-getkeytab seems like its
Love the work you guys are putting out, its a really cool system.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project