Hello All


malek sakir

May 26, 2023, 9:38:59 AM
to Ansible Project
If anyone has proper documents for Kerberos-based authentication for Ansible, then please help me.


Thank You
Malek Sakir.

Rowe, Walter P. (Fed)

May 26, 2023, 9:43:14 AM
to ansible...@googlegroups.com
The ansible documentation covers this well.

Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123


Narmada Karthika

May 26, 2023, 10:19:36 AM
to Ansible Project
Hey, this is what I got working for my env.

this is the krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
 # your company domain
 default_realm = DOMAIN.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
#  kdc = kerberos.example.com
 DOMAIN.COM = {
  kdc = <the domain controller servers>
  default_domain = DOMAIN.COM
  admin_server = <ONE OF THE DOMAIN CONTROLLER SERVER>
 }

[domain_realm]
 .domain.com = DOMAIN.COM
 domain.com = DOMAIN.COM


Just replace the domain name with your domain name.

win vars:
[win:vars]
ansible_user=user...@DOMAIN.COM
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_shell_type=powershell
ansible_port=5985
ansible_winrm_transport=kerberos
#ansible_winrm_kinit_args="/opt/CA/uxauth/bin/uxconsole -krb -init"
ansible_become_method=runas
#ansible_winrm_server_cert_validation=ignore
ansible_winrm_message_encryption=auto
validate_certs=false


Note: I got all the help from ansible documentation, you just need to tweak a bit here and there.
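
An added example, not part of the thread and not Ansible's own code: a small lint for a `[win:vars]` block like the one above. It flags keys that lack the `ansible_` prefix and WinRM over plain HTTP with a transport that cannot encrypt messages. The function names and the sample inventory are assumptions made for illustration.

```python
# Added example (not from the thread). SAMPLE is constructed: it mirrors the
# [win:vars] keys in the post, with one key deliberately misspelled.
SAMPLE = """\
[win:vars]
ansible_connection=winrm
ansible_winrm_scheme=http
ansible_port=5985
ansible_winrm_transport=kerberos
asible_become_method=runas
ansible_winrm_message_encryption=auto
validate_certs=false
"""

# Transports for which WinRM message encryption over plain HTTP is available.
ENCRYPTING = {"kerberos", "ntlm", "credssp"}


def parse_vars(text, section="win:vars"):
    """Return the key=value pairs found under one [section] header."""
    found, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip().strip("\"'")
    return found


def lint(v):
    """Return findings for a dict of WinRM connection variables."""
    out = [f"{k}: not an ansible_* connection variable (typo or stray key?)"
           for k in v if not k.startswith("ansible_")]
    # Ansible defaults to https unless ansible_port is 5985.
    default = "http" if v.get("ansible_port") == "5985" else "https"
    scheme = v.get("ansible_winrm_scheme", default).lower()
    transports = {t.strip().lower()
                  for t in v.get("ansible_winrm_transport", "").split(",")}
    enc = v.get("ansible_winrm_message_encryption", "auto").lower()
    if scheme == "http" and (enc == "never" or not transports <= ENCRYPTING):
        out.append("http without message encryption: payload sent in clear text")
    if scheme == "https" and v.get("ansible_winrm_server_cert_validation") == "ignore":
        out.append("server certificate is not validated")
    return out


if __name__ == "__main__":
    print("\n".join(lint(parse_vars(SAMPLE))))
```

With Kerberos and `ansible_winrm_message_encryption=auto`, the HTTP listener on 5985 raises no clear-text finding; switching the transport to `basic` or the encryption to `never` does.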
