I need some help with ansible login, the company i work for uses PAM where we type in username and info and we get auth prompt from microsoft authenticator to login.
In a nut shell from cli the command to login to a device would be
ssh -p 4422 mydomain.com\username#aus.mydomain\usernameadmin#1.1.1.1#authserver.mydomain.com
i need this to translate into ansible config for the login part and hopefully also use inventory so we dont have to specify the ip address.
thanks in advance.
Related
I was wondering if it was possible to have Vagrant provisioning with Ansible playbooks to have a task where a command which requires user input is executed and pauses to wait for user interaction.
The use case is to auth the gcloud terminal command with gcloud auth login. The command asks the user to go to a url which perform the Google authentication and then enter the verification code provided after the access is granted:
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/....
Enter verification code:
I've seen prompt and wait_for modules for Ansible but it does not look like can be used in this scenario?
If the account you're trying to authenticate in that scenario is a service account, give gcloud auth activate-service-account a try. It'd be especially useful here because it prompts for nothing, all it does is login a service account using a key file. You can find out more about it here.
Maybe the expect module will work on your case. Have you read about it?
Example from ansible docs:
- name: Case insensitive password string match
expect:
command: passwd username
responses:
(?i)password: "MySekretPa$$word"
# you don't want to show passwords in your logs
no_log: true
- name: Generic question with multiple different responses
expect:
command: /path/to/custom/command
responses:
Question:
- response1
- response2
- response3
You can combine this with uri module to authenticate on google cloud, register the output, parse it with regex or something and then use it on expect module...
Source: Ansible Expect Module
We are setting up a system where we need to re-verify a user's identify before he/she is allowed to perform a specific task. The user enters his/her password into the website, and then PHP runs kinit to verify that the password is correct. We use Kerberos for authentication. This is what we successfully tried on a Linux server:
echo "password123" | kinit username#REALM.COM
The problem is that the system is running on a Windows server. We have installed kinit, but cannot seem to get the same thing to work. Running that same command, with or without the quotes, just gives us this output:
kinit: Generic preauthentication failure while getting initial credentials
Any suggestions on what could be done here?
Edit:
Running simply "kinit" and then entering the password at the prompt, works well.
I tried using Jenkins or my admin username as user and password. For password, I tried to update using sudo passwd jenkins, so I am fine on that. However, I am skeptical about the user name. How do I confirm the username for Jenkins? Can someone pls help me?
During the initial run of Jenkins a security token is generated and printed in the console log. The username is admin
The token should look something like,
*************************************************************
Jenkins initial setup is required. A security token is required to proceed.
Please use the following security token to proceed to installation:
41d2b60b0e4cb5bf2025d33b21cb
*************************************************************
For me the initial admin password was in a log at ~/.jenkins/secrets/initialAdminPassword
after installing with homebrew.
source
If you pod is running in a Kubernetes cluster, just look at the running process … Your initial password will be shown…
e.g.
--argumentsRealm.passwd.admin=**3kJQtPDkhk** --argumentsRealm.roles.admin=admin
Username: admin
For password,
cat /Users/$(whoami)/.jenkins/secrets/initialAdminPassword
you will get similar to this token 2762710d8dab4c88a59fea0a2e559069
I need to run curl commands from a Windows server to an API on a Linux box. When I am on my workstation I just run a kinit and give my user name and pwd for the Kerberos realm.
I have automated scripts in which I need to run a kinit before running the Powershell script. I do not want any manual intervention. I am trying to create a keytab file with my Kerberos account but it is not working -
I am receiving the error message "No key table entry found for user#domain.net while getting initial credentials.
I really don't understand much about Kerberos, and whether the process cares that I am on a Windows server tryng to use a keytab file for this purpose.
Can someone help? I have been going a bit nuts with this...
Thanks for any help!
Look into your keytab if the principal there is the one you are going to use. klist -k -t <keytab>
You are obviously doing wrong. You have to obtain a curl binary for Windows which says with curl --version:
curl 7.46.0 ...
Protocols: http https ...
Features: SSPI Kerberos SPNEGO ...
That's it. Enable SPNEGO auth with curl --negotiate -u : <URL> and you are done. No keytab necessary on Windows.
I'm quite new to Gerrit.I'm getting Permisson denied(public key) while running ssh command .I want to add rsa key to my Gerrit profile.But I'm not able to take the Web UI.I tried localhost:29418 But nothing come up.
Thanks in advance!!!
If you used the -b batch mode you can probably find the site on http:// localhost :8080
The first user to login will have automatically administration rights and you should be able to enter a userid and ssh key. You need to then use this userid plus the ssh key to connect.
ssh -p 29418userid# 127.0.0.1 gerrit
This should then show you the gerrit help.