distributing keytab to install clients
bpkroth at gmail.com
Thu Feb 16 23:00:23 CET 2012
There's a similar challenge with distributing cfengine keys securely.
We did this by writing a simple SSL authenticated perl script attached to
the network via inetd that the fai clients would use to phone home to
the cfmaster server to get their keys. I imagine you could do something
similar with keytabs. Or, have cfengine distribute them via encrypted
Andreas B. Mundt <andi.mundt at web.de> 2012-02-16 22:54:
> Hi everybody!
> In my setup I would like to copy an indiviual kerberos keytab to the
> install clients during or at the end of the installation process. The
> keytab is needed to mount the kerberized home directories. For
> security reasons, I do not want to keep all the keytabs in the
> nfsroot and pick the one for the corresponding client when installing.
> Right now, I scp the keytab manually after the installation, i.e. the
> client has to be 'activated' by copying the keytab. Of course it
> would be nice to do that automatically within the installation
> process without exposing all keytabs.
> Any ideas how to do that best?
> Best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the linux-fai