Rotate the AD machine credential from the vas client on Linux
说明
Is there a way to rotate the AD machine credential from the vas client on Linux?
解决办法
Check man vastool for more information.
You can manually execute or add to automation the following command: $ sudo /opt/quest/bin/vastool -u host/ passwd -r
Example parameters: -u host/ (use the computer account as the account to authenticate to AD and to change its password)
passwd (call the change password procedure)
-r (The -r option will set the password to a random value. Note that if vastool cannot derive a keytab for the target principal, it will exit out to prevent users from accidentally setting their passwords to unknown random values. You should use the -r option when modifying the password for computer objects or service accounts for security reasons.)
-o (The -o option will output the new password to stdout. Use of the -o option is useful when used with -r to allow the caller to see the random password value.)
Example using -o for stdout output: [adm@rhel01 ~]$ sudo /opt/quest/bin/vastool -u host/ passwd -r -o
Using the VASD auth daemon for passwd changes. New password: :n7mXeL{U.>s8.MAd+py%1<|`i5O4vk= Password for this computer was successfully set [adm@rhel01 ~]$
If you call it without -o, then the new computer password will not be shown anywhere