Hello everybody, 1. How can I get machine that is joined as ipa-client recieve a kerberos ticket for a specific user without storing a password or having to manually login? I want to replace this, manual systemd tricker that I currently run: ExecStart=/usr/bin/bash -c "echo -n "secretpass" | kinit -r 14d -l 7d service(a)REALM.LAN" I need the kerberos ticket because I use it to autenticate with smbclient -k to a samba serve to get access to files. 2. How can I make a system user like the admin account only without admin rights, but still available with id and getent tools. I need machine account that holds a kerberos ticket. A normal user shows up everywhere through LDAP, the admin user does not but is still available in sssd and other integrations. Kind regards, Jelle de Jong