Hi All,
I have a setup where both the Ansible command machine itself and all the managed nodes are running Linux.
They are part of a Kerberos realm and I would like to use a directory user for Ansible SSH connections, authenticated from a keytab file.
At the moment I have a solution where a cron job running on the command machine regularly performs a kinit on behalf of the account used by Ansible while I specify the following in the inventory file:
```ini
[all:vars]
# enable Kerberos ticket delegation for ssh and scp
ansible_ssh_extra_args=' -K '
ansible_scp_extra_args=' -o GSSAPIAuthentication=yes '
```
While this works, I am wondering if there is any better way of doing this.
Is my understanding correct that there is no out-of-the-box support for Ansible to authenticate its SSH sessions from a Kerberos **keytab file**?
Is there any best practice/convention/recommendation for such cases you could point me to?
Thanks,
Peter
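
The keytab-based `kinit` step described in the post, run on demand before Ansible instead of from cron, as an added example that is not part of the original post. It assumes the MIT Kerberos `klist -s` and `kinit -k -t` options; the function names, paths and principal are hypothetical.

```shell
#!/bin/sh
# Added example: function names, paths and the principal are hypothetical.

# keytab_is_private FILE
# A keytab holds long-term keys, so treat it like a password file: succeed
# only for a regular file whose group and other permission bits are all clear.
keytab_is_private() {
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# ensure_ticket KEYTAB PRINCIPAL CCACHE
# Exports KRB5CCNAME=CCACHE so the ssh processes started by Ansible use a
# dedicated credential cache, then makes sure that cache holds a valid ticket.
# Returns 0 when a valid ticket is present (cached or newly obtained),
#         2 when the keytab is missing or accessible to group/other,
#         1 when kinit fails.
ensure_ticket() {
    keytab=$1
    principal=$2
    KRB5CCNAME=$3
    export KRB5CCNAME

    keytab_is_private "$keytab" || return 2

    # klist -s prints nothing and exits non-zero if the cache has no valid ticket.
    if klist -s; then
        return 0
    fi

    # No usable ticket: obtain a fresh TGT from the keytab (no password prompt).
    kinit -k -t "$keytab" "$principal" || return 1
}

# Usage (hypothetical keytab path, principal and cache location):
#   ensure_ticket /etc/ansible/ansible.keytab ansible@EXAMPLE.COM \
#       "FILE:/run/user/$(id -u)/krb5cc_ansible" && ansible-playbook site.yml
```

Because `KRB5CCNAME` is exported, the inventory settings above (`-K`, `GSSAPIAuthentication=yes`) pick up the ticket from that cache without any change.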