Hosts are delegated authority over other hosts through the
host-add-managedby command. This creates a
managedby entry. Once the
managedby entry is created, then the host can retrieve a keytab for the host it has delegated authority over.
Log in as the admin user.
# kinit admin
entry. For example, this delegates authority over
# ipa host-add-managedby client2.example.com --hosts=client1.example.com
Obtain a ticket as the host
and then retrieve a keytab for
# kinit -kt /etc/krb5.keytab host/`hostname`
# ipa-getkeytab -s `hostname` -k /tmp/client2.keytab -p host/client2.example.com
Keytab successfully retrieved and stored in: /tmp/client2.keytab