
My client is implementing HiPAM (or Hitachi ID) for production systems.

One requests temporary access to machines in a certain group, and can, upon approval, access them either via an ssh-client inside the browser, or by launching PuTTY from the browser.

This (kind of) works for interactive access to individual systems, which is the only use-case the people in charge have considered.

However, I need to be able to access dozens of machines via Ansible -- which means my OpenSSH client needs to be able to use whatever credentials HiPAM issues.

How would I do that? I suspect -- but am not sure -- that Hitachi are using Kerberos in some way, but cannot figure out which way it is...

Mikhail T.
  • [You are going to have to tell us if you are using Kerberos with Hitachi](https://knowledge.hitachivantara.com/Documents/Management_Software/Ops_Center/10.6.x/Analyzer/10.2.x/Configure_external_user_authentication/05_Configuring_Kerberos_authentication_for_Analyzer_server) because that isn't the only option. Why don't you just configure your workflow so only after the Ansible configure the machine is configured for HiPAM? Please [edit] your question with the required information necessary to answer your question. – Ramhound Apr 08 '21 at 23:25
  • I noticed the link is for a slightly different system; I suspect that Hitachi ID also supports LDAP. – Ramhound Apr 08 '21 at 23:27
  • Configuration of the remote systems is not up to me. I just need to learn how to use them... Yes, the company is using Kerberos -- and for non-production systems, I can `kinit` and then ssh into the machines, where I've added myself to `~/.k5login`. – Mikhail T. Apr 09 '21 at 00:25

0 Answers