ipaclient_get_keytab: Do not use gssapi for kinit_keytab

Due to a change in Ansible to depend on Python 3.8 it is needed to only use bindings that are provided by Python and Ansible core. gssapi is therefore not usable any more. The kinit_keytab function was using gssapi and now has to use the kinit command insead.
2026-03-26 21:33:05 +00:00 · 2022-01-18 10:22:04 +01:00
parent 78091e2238
commit b0252fb57a
3 changed files with 8 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -65,7 +65,6 @@ Requirements
 **Controller**
 * Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
 * /usr/bin/kinit is required on the controller if a one time password (OTP) is used
-* python3-gssapi is required on the controller if a one time password (OTP) is used with keytab to install the client.

 **Node**
 * Supported FreeIPA version (see above)
@@ -285,7 +284,8 @@ ipaserver_domain=test.local
 ipaserver_realm=TEST.LOCAL
 ```

-For enhanced security it is possible to use a auto-generated one-time-password (OTP). This will be generated on the controller using the (first) server. It is needed to have the python-gssapi bindings installed on the controller for this.
+For enhanced security it is possible to use a auto-generated one-time-password (OTP). This will be generated on the controller using the (first) server.
+
 To enable the generation of the one-time-password:
 ```yaml
 [ipaclients:vars]