I'm working with diskless nodes that have TPMs, and I need to reenroll them in IdM every time they reboot. I'm looking for a secure method to store or retrieve a Kerberos keytab using the TPM. What are my options?
2 Answers
Generally speaking, you shouldn't store keytabs directly on a TPM. TPMs are not made for holding arbitrary files like that. A better approach might be using network boot methods to fetch the keytab when needed.
I’ve thought about encrypting the IdM keytab with the TPM for added security, but that creates a problem since the encrypted keytab needs to be accessible to all nodes in the cluster. Has anyone tackled that challenge?