Is there a way to enable a user to be able to retrieve all host keytabs
without explicitly allowing for each host?
In short we have a very large, stateless environment. We are currently in
the process of converting to RHEL in order to receive support. The size of
our environment makes force joining on boot a nightmare even though it
worked in testing. I have spoken with our RH rep and the advice we received
from the IDM team, via our rep, was to retrieve the host keytab on boot for
registered machines. We are aware of the risks involved but need a solution
that allows 8k plus hosts to boot without completely overloading the
FreeIPA cluster. With the available documentation I cannot find a way to
allow the service account we will be using to retrieve all host keytabs. As
you can imagine, explicitly allowing for each host would be a tedious process
and prone to error.
Thanks in advance for any responses.
Senior Linux Administrator
16200 Park Row Drive, Suite 100
Houston TX 77084, USA
tel +1 832 582 3221