Service account with only ‘Join Computers to Domain’ privilege.  Then generate 
a keytab and use that to get your Kerberos ticket for joining.  Kickstart could 
‘curl’ the file from a secure location and you can clean the keytab up after 
the join.

From: Zdravko Zdravkov <[email protected]>
Sent: Tuesday, July 9, 2019 1:39 AM
To: End-user discussions about the System Security Services Daemon 
<[email protected]>
Subject: [SSSD-users] How to automate realm join command?


Hi all.
I'm looking for the best way to automate the realm join command. Ideally I'd 
achieve that in kickstart or at first login.
I've been considering some kind of shell script, but it seems that it will work 
only when password is in plain text, which I want to avoid if possible.

Thanks for any suggestions
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
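
The procedure suggested in the reply at the top of this thread (fetch a keytab, get a ticket with it, join, clean up), sketched as an added example that is not part of either message. The function name `join_with_keytab`, the URL, the principal and the domain are hypothetical placeholders, and it assumes `realm join` picks up the ticket from the credential cache when no `--user` is given.

```shell
#!/bin/sh
# Added example (not from the thread): join with a keytab instead of a password.
# Usage from kickstart %post, with constructed placeholder values:
#   join_with_keytab https://provision.example.internal/svc-join.keytab \
#       svc-join@EXAMPLE.COM example.com

# Returns 0 on success, 1 fetch failed, 2 kinit failed, 3 realm join failed.
join_with_keytab() {
    kt_url=$1 principal=$2 domain=$3
    old_umask=$(umask)
    umask 077                          # keytab and ccache readable by root only
    JOIN_WORKDIR=$(mktemp -d) || { umask "$old_umask"; return 1; }
    rc=0
    (
        # Private credential cache: the ticket never lands in root's default cache.
        KRB5CCNAME="FILE:$JOIN_WORKDIR/ccache"; export KRB5CCNAME
        curl --fail --silent --show-error \
             --output "$JOIN_WORKDIR/join.keytab" "$kt_url" || exit 1
        kinit -kt "$JOIN_WORKDIR/join.keytab" "$principal" || exit 2
        # Assumption: with no --user given, realm uses the ticket obtained above.
        realm join "$domain" || exit 3
    ) || rc=$?
    # Cleanup runs on every path, including a failed join.
    ( KRB5CCNAME="FILE:$JOIN_WORKDIR/ccache"; export KRB5CCNAME
      kdestroy -q ) 2>/dev/null || true
    if [ -f "$JOIN_WORKDIR/join.keytab" ]; then
        shred -u "$JOIN_WORKDIR/join.keytab" 2>/dev/null ||
            rm -f "$JOIN_WORKDIR/join.keytab"
    fi
    rm -rf "$JOIN_WORKDIR"
    umask "$old_umask"
    return "$rc"
}
```

Because the service account holds only the join privilege, a keytab that leaks from the download location can add machines to the domain and nothing else; rotating that account's password invalidates every copy.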
