Open Thulium-Drake opened 10 months ago
The tasks we currently use for setting up Kerberos:
```yaml
# Register the HTTP service principal for this host in FreeIPA
- name: 'Ensure Kerberos Principal'
  freeipa.ansible_freeipa.ipaservice:
    name: "HTTP/{{ ansible_facts['fqdn'] }}@{{ ipaclient_domain | upper }}"
    state: 'present'
    ipaadmin_principal: "{{ cockpit_ipa_username }}"
    ipaadmin_password: "{{ cockpit_ipa_password }}"
  delegate_to: "{{ cockpit_ipa_server }}"

# Authenticate with the host keytab, then fetch the service keytab
# (skipped once the keytab file exists)
- name: 'Retrieve keytab'
  ansible.builtin.shell: |
    kinit -k
    ipa-getkeytab -p HTTP/$(hostname -f)@{{ ipaclient_domain | upper }} -k '/etc/cockpit/krb5.keytab'
  args:
    creates: '/etc/cockpit/krb5.keytab'

# Keep the keytab readable by root only
- name: 'Ensure keytab ownership/permissions'
  ansible.builtin.file:
    path: '/etc/cockpit/krb5.keytab'
    owner: 'root'
    group: 'root'
    mode: '0400'
```
Not sure if this is the cleanest way to set it up, but maybe it helps :-)
Hi there,
In our organization we have Cockpit configured with Kerberos Authentication (https://cockpit-project.org/guide/latest/sso).
Is this something this role can also support?