Hello,
SSSD is a great way to maintain a server's joined relation to an active
directory, for example. In combination with msktutil, one may manage
SPNs in an elegant way, forming the basis of single-sign-on into (e.g.)
Postgres.
However, there doesn't seem to be a good way to maintain derived keytabs
from the system's main /etc/krb5.keytab. A use case I have is that I
need the 'postgres/' keytab entries from a server's main krb5.keytab to
be available for the server's Postgres database as
/etc/postgresql-common/krb5.conf with special permissions. (Have I
overlooked a good, existing solution for it?)
So I've written a little utility to help with this: "keytabmux":
https://gitlab.com/troelsarvin/keytabmux
The tool may be started by systemd, and it will then keep running,
keeping an eye on updates of /etc/krb5.keytab and writing new derived
keytabs, as needed.
Maybe someone here will find it interesting. Let me know if you have
comments.
--
Regards,
Troels Arvin
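
The filtering step described in the message above, as an added example that is not part of the original post and is not keytabmux's own code: it parses the keytab file format (version 0x0502), keeps only the entries for one service, and writes the result with owner-only permissions. All function names and the sample keytab are assumptions constructed for illustration.

```python
import os
import struct

KEYTAB_MAGIC = b"\x05\x02"  # keytab file format version 0x0502, big-endian fields

def framed(rec):
    """Prefix a raw entry with its signed 32-bit length, as stored in the file."""
    return struct.pack(">i", len(rec)) + rec

def iter_entries(blob):
    """Yield (first_principal_component, raw_record) for each live keytab entry."""
    if blob[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version 0x0502 keytab")
    pos = 2
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if size <= 0:              # negative size marks a deleted entry (hole)
            pos += -size
            continue
        if pos + size > len(blob):
            raise ValueError("truncated keytab entry")
        record, pos = blob[pos:pos + size], pos + size
        ncomp, realm_len = struct.unpack_from(">HH", record, 0)
        off = 4 + realm_len        # skip component count, realm length, realm
        (clen,) = struct.unpack_from(">H", record, off)
        yield (record[off + 2:off + 2 + clen] if ncomp else b""), record

def derive_keytab(blob, service):
    """Return a keytab holding only entries whose principal is service/..."""
    want = service.encode()
    return KEYTAB_MAGIC + b"".join(
        framed(rec) for first, rec in iter_entries(blob) if first == want)

def write_private(path, data, mode=0o600):
    """Create a temp file with a restrictive mode, then rename it into place."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)

def counted(b):
    return struct.pack(">H", len(b)) + b

def sample_entry(service, host, realm=b"EXAMPLE.ORG"):
    # Constructed record: name type 1, timestamp 0, kvno 1, enctype 17, dummy key.
    return (struct.pack(">H", 2) + counted(realm) + counted(service) + counted(host)
            + struct.pack(">IIBH", 1, 0, 1, 17) + counted(b"\x00" * 16))

# Constructed sample keytab: a host/ entry, a deleted-entry hole, a postgres/ entry.
SAMPLE = (KEYTAB_MAGIC + framed(sample_entry(b"host", b"db1.example.org"))
          + struct.pack(">i", -8) + b"\x00" * 8
          + framed(sample_entry(b"postgres", b"db1.example.org")))
```

Setting ownership of the derived file (for example to the database's service account) is left out here because it requires root and depends on the local setup.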