You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the Koji client makes an authenticated request with requests-gssapi, and the client has no Kerberos TGT in the cache, MIT Kerberos will attempt to authenticate with a keytab at /var/kerberos/krb5/user/$EUID/client.keytab.
This means that if the remote host has a keytab at /var/kerberos/krb5/user/$EUID/client.keytab, then koji-ansible will use this keytab for authentication. Users do not need to run kinit in a playbook or set a keytab in a Koji profile. This really simplifies the use of koji-ansible with Kerberos.
We should document this (here and Koji upstream) to make it easier to automate authentication.
The text was updated successfully, but these errors were encountered:
When the Koji client makes an authenticated request with requests-gssapi, and the client has no Kerberos TGT in the cache, MIT Kerberos will attempt to authenticate with a keytab at
/var/kerberos/krb5/user/$EUID/client.keytab
.A blog post that explains more about this feature of Kerberos: https://adam.younglogic.com/2015/05/auto-kerberos-authn/
This means that if the remote host has a keytab at
/var/kerberos/krb5/user/$EUID/client.keytab
, then koji-ansible will use this keytab for authentication. Users do not need to runkinit
in a playbook or set a keytab in a Koji profile. This really simplifies the use of koji-ansible with Kerberos.We should document this (here and Koji upstream) to make it easier to automate authentication.
The text was updated successfully, but these errors were encountered: