mortiz.kinit-keytab
kinit-keytab
This is an Ansible role that logs into a Windows domain and obtains a Kerberos ticket using a Kerberos keytab file.
Requirements
To use this role, you need a working Kerberos client setup. Check the Ansible Windows guide to make sure you have all the necessary libraries and configuration to connect to Windows hosts. Also make sure that WinRM is enabled on your Windows host (as described in the same guide) and that you have a Kerberos keytab file for your Active Directory account. You can create a keytab file using the steps below:
### on linux
ktutil
addent -password -p username@YOURDOMAIN.LOCAL -k 1 -e rc4-hmac
# ENTER PASSWORD
wkt username.keytab
quit
### on macOS
ktutil -k username.keytab add -p username@YOURDOMAIN.LOCAL
# Enter "arcfour-hmac-md5" for Encryption type
# Enter "1" for Key version
# Enter and confirm your password
Handle the resulting file like an SSH key, as it lets you access the AD domain without needing to input your password.
Role Variables
keytab_file: Path to the user's keytab file
username: Kerberos username with realm (e.g., [email protected])
krb_ticket_lifetime: Duration of the ticket in seconds (s), minutes (m), or hours (h) - default: 5m
Dependencies
None
Example Playbook
- hosts: localhost
  connection: local
  gather_facts: false
  roles:
    - { role: mortiz.kinit-keytab,
        username: [email protected],
        keytab_file: /home/username/username.keytab,
        krb_ticket_lifetime: 60s }
License
Apache