search

ncsa / xcat-tools

Useful tools for xCAT
BSD 3-Clause "New" or "Revised" License
8 stars 0 forks source link

Make rebuild_node play nice with kerberos #2

Open andylytical opened 5 years ago

andylytical commented 5 years ago

If a node doesn't have it's krb keytab file backed up by xcat yet and is rebuilt, it is unable to join the kerberos realm.

Two possible resolutions are:

  1. Before a rebuild, force a backup of the keytab.
  2. Before a rebuild, delete the node from the KDC (as follows): 
    bash
PRINCIPAL="host/$(hostname -f)@NCSA.EDU"
kadmin -p $PRINCIPAL -q "delprinc $PRINCIPAL" -k -t /etc/krb5.keytab