author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-12 19:56:47 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-12 19:56:47 -0500 |
commit | d19b683728dd2b62eccff4bf3a91dc4dfa646cf5 (patch) | |
tree | 9b4ceb67d75218defc1f9cbfa28a52758e961ec4 /roles/freeipa_keytab/README.md | |
parent | 35e6469d69f97a5c7ec399d8b318c693c6ddf681 (diff) | |
freeipa_keytab: add docs
Diffstat (limited to 'roles/freeipa_keytab/README.md')
-rw-r--r-- | roles/freeipa_keytab/README.md | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/roles/freeipa_keytab/README.md b/roles/freeipa_keytab/README.md new file mode 100644 index 0000000..60c1a1f --- /dev/null +++ b/roles/freeipa_keytab/README.md @@ -0,0 +1,45 @@ +FreeIPA Keytab +============== + +Description +----------- + +The `freeipa_keytab` role retrieves an account's keytab from FreeIPA. + +Whenever a new keytab is fetched, the account's password is reset. + + +Variables +--------- + +This role **accepts** the following variables: + +Variable | Default | Description +-------------------|--------------------|------------ +`keytab_principal` | | FreeIPA account principal (without realm component) +`keytab_path` | `/etc/krb5.keytab` | Path to store keytab +`keytab_owner` | `root` | Owner of keytab file +`keytab_group` | `root` | Group owner of keytab file +`keytab_mode` | 0600 | Permissions of keytab file + + +Usage +----- + +Example tasks: + +````yaml +- name: create HTTP service principal + ipaservice: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: 'HTTP/{{ ansible_fqdn }}' + state: present + +- name: retrieve HTTP keytab + include_role: + name: freeipa_keytab + vars: + keytab_principal: 'HTTP/{{ ansible_fqdn }}' + keytab_path: /etc/httpd/apache.keytab +```` |
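Review bot: In the Description, "Whenever a new keytab is fetched, the account's password is reset" does not say when the role fetches a new keytab. State the condition (for example, only when `keytab_path` does not exist yet), because a reset invalidates every other copy of that principal's keytab and readers need to know whether re-running the role is safe. In the Variables table, `keytab_principal` has an empty default with no indication that it is required, and `keytab_mode` is shown as a bare 0600 while the other defaults are in backticks; documenting it as the quoted string `'0600'` keeps it from being read as a number when someone copies it into their vars. In the Usage example the keytab is written to /etc/httpd/apache.keytab with the defaults `root`, `root` and 0600, so if the web server reads the file as an unprivileged user the example should also set `keytab_owner` or `keytab_group`.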