Initial version of kerberos::server class.

2012-03-12 22:29:21 +02:00 · 2012-03-12 22:29:21 +02:00 · 07443fc349
commit 07443fc349
parent 7437b39889
2 changed files with 75 additions and 1 deletions
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@ -85,12 +85,71 @@ class kerberos::auth {
 }


+# Install Kerberos server
+#
+# === Global variables
+#
+#   $kerberos_realm:
+#       Kerberos realm name.
+#
+#   $kerberos_datadir:
+#       Directory where to store Kerberos database files
+#       defaults to /srv/kerberos
+#
 class kerberos::server inherits kerberos::client {

-    package { "heimdal-server":
+    package { "krb5-server":
 	ensure => installed,
    }

+    if $kerberos_datadir {
+        file { $kerberos_datadir:
+            ensure => directory,
+            mode   => 0600,
+            owner  => "root",
+            group  => "root",
+        }
+        file { "/srv/kerberos":
+            ensure  => link,
+            target  => $kerberos_datadir,
+            owner   => "root",
+            group   => "root",
+            require => File[$kerberos_datadir],
+        }
+    } else {
+        file { "/srv/kerberos":
+            ensure => directory,
+            mode   => 0600,
+            owner  => "root",
+            group  => "root",
+        }
+    }
+
+    file { "/var/kerberos/krb5kdc/kdc.conf":
+        ensure  => present,
+        content => template("kerberos/kdc.conf.erb"),
+        mode    => 0600,
+        owner   => "root",
+        group   => "root",
+        require => [ Package["krb5-server"],
+                     File["/srv/kerberos"], ],
+        notify  => Service["krb5kdc"],
+    }
+
+    exec { "check-database":
+        command   => "echo 'Run \"kdb5_util create -r ${kerberos_realm} -s\" to initialize database.'",
+        path      => "/bin:/usr/bin:/sbin:/usr/sbin",
+        creates   => "/srv/kerberos/db.${kerberos_realm}.ok",
+        returns   => 1,
+    }
+
+    service { "krb5kdc":
+        ensure    => running,
+        enable    => true,
+        subscribe => File["/etc/krb5.conf"],
+        require   => Exec["check-database"],
+    }
+
 }


--- a/kerberos/templates/kdc.conf.erb
+++ b/kerberos/templates/kdc.conf.erb
@ -0,0 +1,15 @@
+
+[kdcdefaults]
+  kdc_ports = 88
+  kdc_tcp_ports = 88
+
+[realms]
+  <%= kerberos_realm %> = {
+    database_name = /srv/kerberos/db.<%= kerberos_realm %>
+    key_stash_file = /srv/kerberos/.k5.<%= kerberos_realm %>
+    max_life = 24h 0m 0s
+    max_renewable_life = 7d 0h 0m 0s
+    master_key_type = aes256-cts-hmac-sha1-96
+    supported_enctypes = aes256-cts-hmac-sha1-96:normal
+  }
+