@abbra
Created September 8, 2023 11:43
Using Ansible SSH transport with GSSAPI in FreeIPA.
```
[root@master ~]# cat my-hosts
[mymachines]
master.ipa.test
[root@master ~]# id ansible
id: ‘ansible’: no such user
[root@master ~]# kinit admin
Password for [email protected]:
[root@master ~]# ipa user-add ansible
First name: Ansible
Last name: User
--------------------
Added user "ansible"
--------------------
User login: ansible
First name: Ansible
Last name: User
Full name: Ansible User
Display name: Ansible User
Initials: AU
Home directory: /home/ansible
GECOS: Ansible User
Login shell: /bin/sh
Principal name: [email protected]
Principal alias: [email protected]
Email address: [email protected]
UID: 78800005
GID: 78800005
Password: False
Member of groups: ipausers
Kerberos keys available: False
[root@master ~]# ipa-getkeytab -p ansible -k ansible.keytab
Keytab successfully retrieved and stored in: ansible.keytab
[root@master ~]# KRB5CCNAME=/root/ansible.ccache KRB5_CLIENT_KTNAME=/root/ansible.keytab ansible -i my-hosts -u ansible all -m ping
master.ipa.test | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
[root@master ~]# klist -c /root/ansible.ccache
Ticket cache: FILE:/root/ansible.ccache
Default principal: [email protected]
Valid starting Expires Service principal
09/08/2023 11:39:49 09/09/2023 10:55:39 krbtgt/[email protected]
09/08/2023 11:39:49 09/09/2023 10:55:39 host/[email protected]
```