On 02/08/2012 11:06 AM, Dale Macartney wrote:
thanks for the confirmation earlier Rob, that does make a lot of sense.
am I right in assuming that to run the following, would not work with
a host principle? Presumably I'd need admin priviledges to create a
service principle for a host.
On Wed, Feb 08, 2012 at 11:13:36AM +, Dale Macartney wrote:
i'm dabbling with automated provisioning of ipa client servers, and i'm
a little perplexed on how to add a keytab to a system during the %post
section of a kickstart...
i've run ipa-client-install -U -p admin -w redhat123
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks Christian
I was thinking the same to be honest..
the issue with having a password in a kickstart is obviously that
someone can read it in clear text. here I would see the need to use a
specific role account with limited ability, but the
On Wed, 2012-02-08 at 11:13 +, Dale Macartney wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
morning all...
i'm dabbling with automated provisioning of ipa client servers, and i'm
a little perplexed on how to add a keytab to a system during the %post
section of a kickstart...
If you are really trying to go the route of using the password, the best way to
accomplish that is to procedurally ADD the host ahead of time with the -random
flag to generate a one-time-pass. Then insert that 1 time password dynamically
into the kickstart script.
If you want to approach the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi JR
I agree with your statement of acceptable risk.. this is my main reason
for questioning..
The ideal situation would be to run this as a satellite kickstart
snippet for provisioning with kickstart profiles... That way I can
utilize the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
thanks for the confirmation earlier Rob, that does make a lot of sense.
am I right in assuming that to run the following, would not work with a
host principle? Presumably I'd need admin priviledges to create a
service principle for a host.
ipa