ncm-freeipa: docs - fix code blocks and correct method title #1344

Merged
merged 1 commit into from Nov 5, 2018
22 changes: 12 additions & 10 deletions ncm-freeipa/src/main/perl/freeipa.pm
Expand Up @@ -19,7 +19,8 @@ ncm-freeipa provides support for FreeIPA configuration for

=head2 Server

On the server, create a keytab for the quattor-server user
On the server, create a keytab for the quattor-server user:

kinit admin

uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"`
Expand All @@ -38,26 +39,25 @@ On the server, create a keytab for the quattor-server user
done
ipa role-add-member --users=quattor-server "Quattor server"


# use -r option to retrieve existing keytab (e.g. from another ipa server)
ipa-getkeytab -p quattor-server -k /etc/quattor-server.keytab -s ipaserver.example.com

Use these with ncm-freeipa on the server.
Use these with ncm-freeipa on the server:

prefix "/software/components/freeipa/principals/server";
"principal" = "quattor-server";
"keytab" = "/etc/quattor-server.keytab";

(Do not retrieve a keytab for the admin user;
it resets the admin password).
(Do not retrieve a keytab for the admin user, it resets the admin password).

=head2 AII

The AII hooks act on behalf of the host it is going to setup, so
any of those principals cannot be used. Instead we use a fixed
AII principal and keytab.

First we need to add a user with appropriate privileges
First we need to add a user with appropriate privileges:

kinit admin

uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"`
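Review bot: the Server procedure in this hunk ends at `ipa-getkeytab -p quattor-server ...` and goes straight to "Use these with ncm-freeipa on the server:", so the admin ticket obtained by `kinit admin` is left in the credential cache, whereas the AII host block finishes with `kdestroy`. Suggest adding `kdestroy` after the `ipa-getkeytab` line in the Server block as well. Separately, joining the admin warning onto one line turned it into a comma splice; keeping the original semicolon, or writing "because it resets the admin password", reads better.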
Expand All @@ -74,15 +74,17 @@ First we need to add a user with appropriate privileges
ipa role-add-privilege "Quattor AII" --privileges="Host Administrators"
ipa role-add-member --users=quattor-aii "Quattor AII"

On the AII host (assuming the host is already added to IPA)
On the AII host (assuming the host is already added to IPA):

kinit admin
# use -r option to retrieve existing keytab (e.g. from another AII server)
ipa-getkeytab -p quattor-aii -k /etc/quattor-aii.keytab -s ipaserver.example.com
kdestroy


(If you have granted the host principal the rights to retrieve the quattor-aii keytab,
you can add in the template of the AII host
you can add in the template of the AII host:

prefix "/software/components/freeipa/principals/aii";
"principal" = "quattor-aii";
"keytab" = "/etc/quattor-aii.keytab";
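Review bot: the comment `# use -r option to retrieve existing keytab` above the `ipa-getkeytab -p quattor-aii` line does not say what happens when `-r` is left out. Without `-r`, `ipa-getkeytab` generates new keys for the principal, which invalidates the keytab already deployed on another AII server; it is the same effect the Server section warns about for the admin password. Suggest saying so in the comment, and adding a line that `/etc/quattor-aii.keytab` should be readable by root only, since the principal carries the "Host Administrators" privilege.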
Expand Down Expand Up @@ -432,9 +434,9 @@ sub certificates
return;
}

=head2 server
=head2 client

Configure server settings
Configure client settings

=cut

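Review bot: the heading corrected here to `=head2 client` had been a copy of the `server` one, so the other method headings in this POD are worth a quick check for the same copy-paste slip. The one-line description "Configure client settings" could also name which settings the method touches.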