On 02.11.22 20:44, Jochen Kellner via FreeIPA-users wrote:
>
> Hello Ronald,
>
> Ronald Wimmer via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
> writes:
>
>> On 02.11.22 18:20, Rob Crittenden via FreeIPA-users wrote:
>>> Ronald Wimmer via FreeIPA-users wrote:
>>>> In order to integrate our AIX clients we do have to take two steps
>>>> manually:
>>>>
>>>> 1) Enrolling the host
>>>> 2) Fetching the keytab file for this particular host
>>>>
>>>> A quick search in the WebGUI's API browser revealed a host_add method but
>>>> I cannot find a method for fetching a keytab file. Did I miss something
>>>> here?
>>> There is no IPA API to retrieve a keytab[1]. You should use
>>> ipa-getkeytab.
>>
>> There is no ipa-getkeytab on AIX. So I need to fetch an IPA client's
>> keytab from LDAP, right?
>
> I'd do the following:
>
> 1. Enroll the host in freeipa:
>    ipa host-add aix.example.org --ip-address=192.168.30.x
> 2. Allow my user to create a keytab:
>    ipa host-allow-create-keytab aix.example.org --users=jochen
> 3. Get the keytab:
>    ipa-getkeytab -p host/aix.jochen.org -k aix.keytab
>    Keytab successfully retrieved and stored in: aix.keytab
> 4. Transfer the keytab to the AIX host

Thanks Jochen! I am trying to automate these steps. AIX colleagues are a
separate team and do not have the possibility to use ipa commands on a
Linux machine at the moment.

What I need is a possibility to enroll a host and fetch its keytab
completely without ipa commands and manual interaction so that the AIX
guys can do that themselves.

Jochen outlined the recommended way to handle non-Linux OS's. If you
want to do it from AIX then you'll need to build ipa-getkeytab on AIX.

rob
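
The four steps Jochen lists, scripted for an enrolled Linux helper host, as an added example that is not part of the original thread or of FreeIPA. The function names, the `DRY_RUN` switch, the use of `scp` with a root login, and the destination path on AIX are assumptions.

```shell
#!/bin/sh
# Added example: run on an enrolled Linux IPA client with a valid Kerberos
# ticket (kinit). DRY_RUN=1 prints the commands instead of running them.

# Assumed keytab location on the AIX side; adjust to the local Kerberos setup.
AIX_KEYTAB_PATH=${AIX_KEYTAB_PATH:-/etc/krb5/krb5.keytab}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only plain FQDN characters so the value can never be read as an option.
valid_fqdn() {
    case "$1" in
        ""|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# provision_aix_host FQDN IP IPA_USER
provision_aix_host() {
    host=$1 ip=$2 user=$3
    valid_fqdn "$host" || { echo "invalid host name: $host" >&2; return 2; }
    umask 077                      # the keytab is a long-term secret: owner-only
    keytab="./${host}.keytab"
    # Steps 1-3 from the thread. ipa-getkeytab issues new keys, so any keytab
    # fetched earlier for this principal stops working.
    run ipa host-add "$host" --ip-address="$ip" || return 1
    run ipa host-allow-create-keytab "$host" --users="$user" || return 1
    run ipa-getkeytab -p "host/${host}" -k "$keytab" || return 1
    # Step 4: transfer over SSH, then remove the copy left on the helper host.
    run scp -p "$keytab" "root@${host}:${AIX_KEYTAB_PATH}" || return 1
    run rm -f "$keytab"
}

# Runs only when arguments are supplied, e.g.
#   ./provision.sh aix.example.org <ip-address> jochen
if [ "$#" -ge 3 ]; then
    provision_aix_host "$@"
fi
```
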