Hello Ronald,
Ronald Wimmer via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
On 02.11.22 18:20, Rob Crittenden via FreeIPA-users wrote:
> Ronald Wimmer via FreeIPA-users wrote:
>> In order to integrate our AIX clients we do have to take two steps
>> manually:
>>
>> 1) Enrolling the host
>> 2) Fetching the keytab file for this particular host
>>
>> A quick search in the WebGUIs API browser revealed a host_add method but
>> I cannot find a method for fetching a keytab file. Did I miss something
>> here?
> There is no IPA API to retrieve a keytab[1]. You should use
> ipa-getkeytab.
There is no ipa-getkeytab on AIX. So I need to fetch an IPA client's
keytab from LDAP, right?
I'd do the following:
1. Enroll the host in freeipa:
ipa host-add
aix.example.org --ip-address=192.168.30.x
2. Allow my user to create a keytab:
ipa host-allow-create-keytab
aix.example.org --users=jochen
3. get the keytab:
ipa-getkeytab -p
host/aix.jochen.org -k aix.keytab
Keytab successfully retrieved and stored in: aix.keytab
4. Transfer the keytab to the AIX host
HTH
Jochen
--
This space is intentionally left blank.