Automatic keytab creation

[Russ Allbery]

Jaap Winius <jwinius at umrk.nl> writes:

> When using Puppet, I would also like it to automatically create keytab 
> files on new workstations. It was recently suggested to me that remctl 
> could be used for this purpose. That sounds great, except that remctl 
> seems to require a working Kerberos configuration with a keytab present 
> in advance. Is an exception possible in this case? If so, how?

The question for how you handle this bootstrap process is how do you want
to authenticate the system to put the initial keytab on it?  Everything
else about how you handle the deployment of the keytab will fall out from
there.

remctl, and anything else Kerberos-based, is only going to help if you
already have some keytab on the system and are adding new ones.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>