Kerberos Auth to *nix hosts

Good afternoon,

Is it possible to somehow configure Kerberos authentication to Linux hosts? I see some documentation on using the winrm module with Kerberos, but nothing much involving SSH.

In my environment, I can either use Kerberos tickets, SSH keys, or a password with an MFA challenge. MFA Challenges and Ansible are a no go, SSH keys are not 100% dependable due to other standing issues with our environment, but Kerberos, Kerberos is a pretty good bet at the current time.

I can ssh into the awx server, su to awx, and kinit to grab a ticket. I can SSH using said ticket with no problems, and actually run awx jobs with no problems that use the krb ticket. Problem is, I don’t want to have to SSH into awx and manually do a kinit. It kind of defeats the automation ethos in my opinion.

I thought of maybe doing a workflow and having a local shell command do a kinit and then move on to the playbook, but that seems like overkill.

Any thoughts?

Thanks!

JF

John

I haven’t worked with Kerberos much but your “overkill” is the only thing which came to my mind also. Found a post someplace (lost it now) where someone was doing something similar with winrm as well (not sure which version of Ansible).

Creating a custom credential and a simple playbook that employs the expect module on the awx server itself seems to have worked.
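
The approach described in the last post, sketched as an added example that is not from the thread's participants: a play run on the AWX host itself that feeds a password from a custom credential to `kinit` through the `expect` module. The variable names `krb_principal` and `krb_password` and the credential type layout are assumptions, as is the premise that the ticket cache this play writes is the one later SSH connections read; the `expect` module needs `pexpect` installed where the task runs.

```yaml
# Custom credential type in AWX (field names are assumed), shown as comments:
#   Input configuration:
#     fields:
#       - {id: principal, type: string, label: Kerberos principal}
#       - {id: password, type: string, label: Password, secret: true}
#     required: [principal, password]
#   Injector configuration:
#     extra_vars:
#       krb_principal: "{{ principal }}"
#       krb_password: "{{ password }}"
---
- name: Obtain a Kerberos ticket on the AWX host before SSH jobs run
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Run kinit and answer its password prompt
      ansible.builtin.expect:
        command: "kinit {{ krb_principal }}"
        responses:
          # kinit prompts "Password for user@REALM: "
          "(?i)password for .*:": "{{ krb_password }}"
        timeout: 30
      no_log: true        # keep the injected password out of job output
      changed_when: true  # a new ticket is written on every run

    - name: Confirm a valid ticket is in the cache
      ansible.builtin.command: klist -s   # exits non-zero if no valid ticket
      changed_when: false
```

Marking the password field `secret: true` keeps it encrypted in the AWX database, and `no_log` keeps it out of the job's stdout and event data.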