On 02.11.22 20:44, Jochen Kellner via FreeIPA-users wrote:
Hello Ronald,
Ronald Wimmer via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
> On 02.11.22 18:20, Rob Crittenden via FreeIPA-users wrote:
>> Ronald Wimmer via FreeIPA-users wrote:
>>> In order to integrate our AIX clients we do have to take two steps
>>> manually:
>>>
>>> 1) Enrolling the host
>>> 2) Fetching the keytab file for this particular host
>>>
>>> A quick search in the WebGUIs API browser revealed a host_add method but
>>> I cannot find a method for fetching a keytab file. Did I miss something
>>> here?
>> There is no IPA API to retrieve a keytab[1]. You should use
>> ipa-getkeytab.
>
> There is no ipa-getkeytab on AIX. So I need to fetch an IPA client's
> keytab from LDAP, right?
I'd do the following:
1. Enroll the host in FreeIPA:
   ipa host-add aix.example.org --ip-address=192.168.30.x
2. Allow my user to create a keytab:
   ipa host-allow-create-keytab aix.example.org --users=jochen
3. Get the keytab:
   ipa-getkeytab -p host/aix.jochen.org -k aix.keytab
   Keytab successfully retrieved and stored in: aix.keytab
4. Transfer the keytab to the AIX host
Thanks Jochen! I am trying to automate these steps. AIX colleagues are a
separate team and do not have the possibility to use ipa commands on a
Linux machine at the moment.

What I need is a possibility to enroll a host and fetch its keytab
completely without ipa commands and manual interaction so that the AIX
guys can do that themselves.
Cheers,
Ronald