I would like to use kerberos for authentication on remote execution jobs, but I am not sure I am installing and enabling it correctly.
I attempted to make the plugin available via foreman-installer:
foreman-installer -v --foreman-proxy-plugin-remote-execution-ssh-ssh-kerberos-auth
:kerberos_auth: true in
I am under the impression foreman should now attempt kerberos auth before falling back to key-based authenticaiton.
My question now may be about kerberos more than foreman – how do I ensure that foreman-proxy has a valid TGT? I use FreeIPA for identity management and kerberos, is it as simple as creating an account for foreman-proxy, or does it need a service principle?
Enabling kerberos authentication for remote execution and configuring an account with a kerberos TGT for running remote commands.
Foreman and Proxy versions:
Foreman 1.21.4 and Smart Proxy 1.21.4
Distribution and version: