Add pkinit config and ipa certs
In the FAS replacement being rolled out in 2021, that uses freeipa and
noggin, if a user has 2FA enabled, they need some extra configuration to
get kinit working with 2FA. This adds this configuration and the
required certificates to get it working.
If a user has 2FA enabled and needs to get a kerberos ticket,
First they bneed to Run the following command to initialize the
credentials cache. Note that this command creates the `armor.ccache`
file that you will need to point to whenever you request a new kerberos
ticket
kinit -n @FEDORAPROJECT.ORG -c FILE:armor.ccache
Finally, request the kerberos ticket with the following command:
kinit -T FILE:armor.ccache <username>@FEDORAPROJECT.ORG
You will be presented with the following prompt, be sure to
*Enter your password first, followed by the OTP Token Value*:
Enter OTP Token Value:
Signed-off-by: Ryan Lerch <rlerch@redhat.com>