That's pretty much exactly what I was looking for. Thanks JR.
--Jason On Thu, Mar 6, 2014 at 11:23 AM, JR Aquino <jr.aqu...@citrix.com> wrote: > If you don't find an answer for doing it -minus- a ticket, here is what I > would suggest. > > Create a service user who's only role permissions give them the ability to > delete users. > > Then perform a getkeytab for the user: > ipa-getkeytab -s ipa.example.com -p <user name to export>@EXAMPLE.COM -k > /path/to/username.keytab > > Then associate the following along with your cron. I would also recommend > a kdestroy -after- the task is run. > > #!/bin/bash > > ####### > # Auto Kinit > ######## > > /usr/kerberos/bin/klist -s > EXITCODE=$? > if [ $EXITCODE != "0" ] ; then > /usr/kerberos/bin/kdestroy >> /dev/null 2>&1 > /usr/kerberos/bin/kinit -F usern...@example.com -k -t > /path/to/username.keytab > fi > > > > On Mar 6, 2014, at 8:48 AM, KodaK <sako...@gmail.com> wrote: > > Once again, I'm probably missing something that's well documented. I > promise I searched. > > We have a daily termination list that needs to be enforced at 5:00 PM > every day. I can script it up just fine, but sometimes I like to sneak out > early. > > I tried to use "at," but since I'm logged out when the job runs there's no > ticket and the ipa commands fail. > > ex: > > echo "sh terminate" | at 5:00 PM Friday > > works if I'm logged in with a ticket ("terminate" contains the ipa command > to disable / delete users.) > > Is there some way to automate this? I can leave a terminal open on a VM > as a work-around, but I'd like to be cleaner if I can. > > --Jason > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users