distributing keytab to install clients
Brian Kroth
bpkroth at gmail.com
Thu Feb 16 23:00:23 CET 2012
There's a similar challenge with distributing cfengine keys securely.
We did this by writing a simple SSL authenticated perl script attached to
the network via inetd that the fai clients would use to phone home to
the cfmaster server to get their keys. I imagine you could do something
similar with keytabs. Or, have cfengine distribute them via encrypted
copy rules.
Brian
Andreas B. Mundt <andi.mundt at web.de> 2012-02-16 22:54:
> Hi everybody!
>
> In my setup I would like to copy an indiviual kerberos keytab to the
> install clients during or at the end of the installation process. The
> keytab is needed to mount the kerberized home directories. For
> security reasons, I do not want to keep all the keytabs in the
> nfsroot and pick the one for the corresponding client when installing.
>
> Right now, I scp the keytab manually after the installation, i.e. the
> client has to be 'activated' by copying the keytab. Of course it
> would be nice to do that automatically within the installation
> process without exposing all keytabs.
>
> Any ideas how to do that best?
>
> Best regards,
>
> Andi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20120216/c86c5a85/attachment.bin>
More information about the linux-fai
mailing list