Modify ipahost module: the authentication is done locally on the controller

node and the credential cache is copied to the managed node ipahost module is also using facts gathered from the server to find the domain and realm.
2026-03-26 21:33:05 +00:00 · 2017-08-10 16:54:44 +02:00
parent 09f45e4acd
commit 38d7223376
10 changed files with 430 additions and 66 deletions
--- a/inventory/hosts
+++ b/inventory/hosts
@@ -9,7 +9,13 @@ ipaclient_domain=ipadomain.com
 ipaclient_realm=IPADOMAIN.COM
 ipaclient_server=ipaserver.ipadomain.com
 ipaclient_extraargs=[ '--kinit-attempts=3', '--mkhomedir']
+# if neither ipaclient_password nor ipaclient_keytab is defined,
+# the enrollement will create a OneTime Password and enroll with this OTP
+# In this case ipaserver_password or ipaserver_keytab is required
+#ipaclient_principal=admin
+#ipaclient_password=SecretPassword123
+#ipaclient_keytab=/tmp/krb5.keytab
+ipaserver_principal=admin
+#ipaserver_password=SecretPassword123
+ipaserver_keytab=files/admin.keytab

-[ipaservers:vars]
-ipa_admin=admin
-ipa_password=MySecretPassword123