Skip to content
Commit 09ab29b4 authored by Thomas Woerner's avatar Thomas Woerner
Browse files

ansible_freeipa_module: Add support for GSSAPI 

The GSSAPI can be enabled in the management modules with either the
KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variable.

For KRB5CCNAME it is needed to create a ccache file

  kinit admin@TEST.LOCAL -c /root/admin.ccache

that is transferred to the nodes (here into /root) and activated in the
playbook with

  environment:
    KRB5CCNAME: /root/admin.ccache

For KRB5_CLIENT_KTNAME a admin keytab has to be generated

  ipa-getkeytab -s ipaserver.test.local -p admin@TEST.LOCAL -k \
  /root/admin.keytab

that is transferred to the nodes (here into /root) and activated in the
playbook with

  environment:
    KRB5_CLIENT_KTNAME: /root/admin.keytab

It will be needed to set ipaadmin_principal if the admin principal is not
admin.

The management modules can be used without a password in this case.
parent c69d0bc5
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment