Transform your corporate laptop into an enterprise automation powerhouse with zero manual authentication!
- Manual
kinitevery few hours - Typing Kerberos passwords constantly
- VPN connection + authentication friction
- Remembering to renew tickets
- Authentication failures disrupting workflow
- β Connect VPN β Everything Else Automated
- β
Never touch
kinitagain - β Desktop notifications for all auth events
- β 30-minute auto-renewal = never-expiring tickets
- β Secure encrypted password storage
- β Enterprise-grade security and logging
- AES-256-CBC encryption with OpenSSL
- GPG-based advanced vault (optional)
- Secure file permissions (600)
- Memory-safe password handling
- NetworkManager dispatcher integration
- Automatic Red Hat VPN detection
- Desktop notifications for connection events
- Multi-VPN endpoint support
- VPN-triggered authentication
- 30-minute automatic renewal
- Self-healing ticket management
- Fallback to manual auth if needed
- Automatic Red Hat website login
- Chrome, Firefox, and Chromium support
- Desktop launcher integration
- Zero password prompts for authenticated sites
- Red Hat corporate Kerberos (IPA.REDHAT.COM)
- Active Directory trust support
- Multi-factor authentication ready
- Comprehensive audit logging
- Fedora 40+ (primary target)
- RHEL 8/9 (fully supported)
- CentOS Stream (compatible)
- Other Linux (may work with modifications)
- Red Hat VPN access configured
- Corporate network connectivity
- Kerberos realm access (IPA.REDHAT.COM)
# Required packages (installed by setup script)
sudo dnf install -y krb5-workstation openssl NetworkManagergit clone https://github.com/YOUR_USERNAME/laptop-enterprise-automation.git
cd laptop-enterprise-automationchmod +x install.sh
./install.shpai-simple-credential-store --store
# Enter your Red Hat Kerberos password when promptedpai-simple-credential-store --test
# Should show: β
Automatic kinit successful!# Use your usual VPN connection method
# Watch for desktop notification: "π Enterprise authentication complete!"pai-browser-kerberos-setup --install
# Configures Chrome and Firefox for Red Hat SSO# Launch Chrome with automatic Red Hat authentication
google-chrome-kerberos
# Or launch Firefox with SSO
firefox-kerberos
# Navigate to any Red Hat site - automatic login!
# Try: https://access.redhat.com, https://console.redhat.compai-vpn-kerberos-integration --status
# Should show all green checkmarks β
# Copy scripts to user bin directory
cp bin/* ~/.local/bin/
chmod +x ~/.local/bin/pai-*
# Ensure ~/.local/bin is in PATH
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc# Copy systemd user services
mkdir -p ~/.config/systemd/user
cp systemd/* ~/.config/systemd/user/
# Enable and start automatic renewal
systemctl --user daemon-reload
systemctl --user enable pai-kerberos-renewal.timer
systemctl --user start pai-kerberos-renewal.timer# Install VPN integration (requires sudo)
pai-vpn-kerberos-integration --install# Store password securely
pai-simple-credential-store --store
# Test automatic authentication
pai-simple-credential-store --kinit
# Check credential status
pai-simple-credential-store --status
# Remove stored credentials
pai-simple-credential-store --remove# Check VPN integration status
pai-vpn-kerberos-integration --status
# Test authentication when on corporate network
pai-vpn-kerberos-integration --test-auth
# Monitor VPN events (interactive)
pai-vpn-kerberos-integration --monitor# Check renewal service status
systemctl --user status pai-kerberos-renewal.timer
# Manual renewal test
pai-kerberos-auto-renew --renew
# View renewal logs
journalctl --user -u pai-kerberos-renewal.service -f# Edit timer (default: 30 minutes)
systemctl --user edit pai-kerberos-renewal.timer
# Add override:
[Timer]
OnUnitActiveSec=15min # Change to 15 minutes# Edit scripts and comment out notify-send lines:
# - pai-vpn-kerberos-integration
# - pai-kerberos-auto-renew# Use GPG-based credential storage instead
pai-credential-vault --init
pai-credential-vault --store- AES-256-CBC encryption with user-unique keys
- Secure file permissions (600 - only user readable)
- Memory-safe password handling (variables cleared after use)
- No plain-text storage anywhere in the system
- Comprehensive logging in
/tmp/pai-*.log - Systemd journal integration for service events
- Authentication event tracking for security auditing
- Error logging for troubleshooting
- Corporate network detection before authentication attempts
- VPN-only authentication (no authentication on untrusted networks)
- Kerberos ticket encryption (standard Kerberos security)
# Check VPN connection name detection
nmcli connection show --active | grep vpn
# Verify Red Hat VPN naming in script
pai-vpn-kerberos-integration --status# Check stored password
pai-simple-credential-store --status
# Test manual kinit
kinit your_username@IPA.REDHAT.COM
# Re-store password if changed
pai-simple-credential-store --store# Test network connectivity
timeout 3 nc -z kerberos.corp.redhat.com 88
ping kerberos.corp.redhat.com
# Check VPN connection to corporate network# Check service status
systemctl --user status pai-kerberos-renewal.timer
# Restart if needed
systemctl --user restart pai-kerberos-renewal.timer
# View logs
journalctl --user -u pai-kerberos-renewal.service# Enable verbose logging
export PAI_DEBUG=1
# Run manual tests
pai-simple-credential-store --test
pai-vpn-kerberos-integration --test-auth- Additional VPN providers (Cisco AnyConnect, OpenVPN, etc.)
- Multi-platform support (macOS, Windows WSL)
- Enhanced MFA integration (FIDO2, smart cards)
- Advanced credential backends (HashiCorp Vault, etc.)
- GUI management interface
- Fork the repository
- Create feature branch:
git checkout -b feature/amazing-feature - Test thoroughly on Fedora/RHEL
- Update documentation for new features
- Submit pull request with detailed description
MIT License - see LICENSE for details.
- Red Hat Corporation - For excellent enterprise infrastructure
- MIT Kerberos Team - For robust authentication protocols
- Fedora Project - For outstanding Linux distribution
- NetworkManager Team - For reliable network integration
- GitHub Issues: Report bugs or request features
- Documentation: Check troubleshooting section above
- Logs: Include relevant logs from
/tmp/pai-*.log
- GitHub Discussions: Community support and ideas
- Red Hat Community: Enterprise authentication best practices
- Multi-realm support (REDHAT.COM + IPA.REDHAT.COM)
- Browser SSO integration (Firefox/Chrome Kerberos)
- SSH key automation (Kerberos-based SSH)
- Certificate management (automated SSL cert deployment)
- Mobile integration (smartphone notifications)
- Team deployment (organization-wide rollout tools)
π§ββοΈ Transform your corporate laptop experience from authentication friction to seamless enterprise power! β‘π°β¨