From 87340a1e2a443598bcd2016501300c1eace6bd0e Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Wed, 5 Jun 2019 20:18:39 +0300
Subject: [PATCH] first version of kerberos/client role

---
 roles/kerberos/client/tasks/main.yml          | 13 +++++++++++++
 roles/kerberos/client/templates/realm.conf.j2 | 11 +++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 roles/kerberos/client/tasks/main.yml
 create mode 100644 roles/kerberos/client/templates/realm.conf.j2

diff --git a/roles/kerberos/client/tasks/main.yml b/roles/kerberos/client/tasks/main.yml
new file mode 100644
index 0000000..b665f4f
--- /dev/null
+++ b/roles/kerberos/client/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: install kerberos client packages
+  package:
+    name: krb5-workstation
+    state: installed
+
+- name: configure kerberos client
+  template:
+    dest: /etc/krb5.conf.d/realm.conf
+    src: realm.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
diff --git a/roles/kerberos/client/templates/realm.conf.j2 b/roles/kerberos/client/templates/realm.conf.j2
new file mode 100644
index 0000000..9680b47
--- /dev/null
+++ b/roles/kerberos/client/templates/realm.conf.j2
@@ -0,0 +1,11 @@
+[libdefaults]
+default_realm = {{ kerberos_realm }}
+
+[realms]
+{{ kerberos_realm }} = {
+  kdc = https://id.foo.sh/KdcProxy
+}
+
+[domain_realm]
+.{{ kerberos_realm|lower() }} = {{ kerberos_realm }}
+{{ kerberos_realm|lower() }} = {{ kerberos_realm }}