There's a similar challenge with distributing cfengine keys securely. We did this by writing a simple SSL-authenticated Perl script attached to the network via inetd that the fai clients would use to phone home to the cfmaster server to get their keys. I imagine you could do something similar with keytabs. Or, have cfengine distribute them via encrypted copy rules.

Brian

Andreas B. Mundt <[email protected]> 2012-02-16 22:54:
Hi everybody!

In my setup I would like to copy an individual kerberos keytab to the
install clients during or at the end of the installation process. The
keytab is needed to mount the kerberized home directories.  For
security reasons, I do not want to keep all the keytabs in the
nfsroot and pick the one for the corresponding client when installing.

Right now, I scp the keytab manually after the installation, i.e. the
client has to be 'activated' by copying the keytab.  Of course it
would be nice to do that automatically within the installation
process without exposing all keytabs.

Any ideas how to do that best?

Best regards,

    Andi
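
The "phone home" approach suggested in the reply above, sketched as an added example (not the script from the thread and not code from FAI or cfengine): the server-side decision of which keytab to release, keyed only on the identity in an already verified TLS client certificate. It assumes each install client holds its own certificate with one DNS name; `release_keytab`, the `<host>.keytab` layout and the `issued` marker directory are hypothetical names.

```python
import re
from pathlib import Path

# One or more DNS labels; rejects "/", "..", wildcards and whitespace.
HOSTNAME = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*")


class Refused(Exception):
    """Request denied; the caller closes the connection without details."""


def peer_hostname(peer_cert):
    """Return the single DNS name from a verified client certificate.

    peer_cert has the dict shape returned by ssl.SSLSocket.getpeercert()
    after a handshake with verify_mode=ssl.CERT_REQUIRED.
    """
    names = [v.lower() for k, v in peer_cert.get("subjectAltName", ()) if k == "DNS"]
    if len(names) != 1 or not HOSTNAME.fullmatch(names[0]):
        raise Refused("certificate must carry exactly one valid DNS name")
    return names[0]


def release_keytab(peer_cert, keytab_dir, issued_dir):
    """Hand out <host>.keytab once, selected only by the certificate identity.

    The client never names the file it wants, so one install client
    cannot ask for another client's keytab.
    """
    host = peer_hostname(peer_cert)
    keytab = Path(keytab_dir) / f"{host}.keytab"
    if not keytab.is_file():
        raise Refused("no keytab provisioned for this host")
    marker = Path(issued_dir) / host
    try:
        # Exclusive create: fails if this host was already served, so a
        # stolen client certificate cannot silently fetch the keytab again.
        marker.open("x").close()
    except FileExistsError:
        raise Refused("keytab already issued; re-activation needs an admin")
    return keytab.read_bytes()
```

The keytab directory stays on the server, outside the nfsroot, which is the property asked for in the original question.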
