Hi Guys, What is the best way to distribute a 'user' keytab to distribute keytabs to allow 'system users' to run scripts with non-interactive auth? Is it possible to use the ipa-getkeytab feature ( with "-r" option ) to request a keytab for a user principal? I see support for HOST and SERVICE keytabs, but nothing specific to user keytabs?
Concept Example: ipa-getkeytab -s ipa_server -p [email protected] -k ipa_cron.keytab -r KRB5_KTNAME=ipa_cron.keytab service.py Actual Results ( tried with tgt for cron_runner or admin ): [sysadmin@01 ~]$ ipa-getkeytab -s coipa100 -p [email protected] -kipa_cron.keytab -r Failed to parse result: Insufficient access rights My only other option is grab the keytab and copy it around after initial creation ( understanding that each keytab requests bumps the KVNO ). My goal is to make password-less authentication for automated processes as easy as possible to setup....ipa-getkeytab seems like its almost there? Love the work you guys are putting out, its a really cool system. Thanks, Matt -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
