kerberos: Added support for setting encryption types for kerberos::client.

kerberos/manifests/init.pp

@@ -17,7 +17,13 @@
 #       Kerberos password change server address. Defaults to first
 #       KDC server.
 #
-class kerberos::client {
+# === Parameters
+#
+#   $enctypes:
+#       Array containing encryption types used. Mainly needed due to
+#       older samba not getting AES keys from AD.
+#
+class kerberos::client($enctypes=[]) {
 
     if !$kerberos_kadmin and $kerberos_kdc {
         $kerberos_kadmin = $kerberos_kdc[0]

kerberos/templates/krb5.conf.erb

@@ -8,6 +8,10 @@
 <% end -%>
   ticket_lifetime = 24h
   forwardable = yes
+<% if @enctypes.count > 0 -%>
+  default_tgs_enctypes = <%= @enctypes.join(' ') %>
+  default_tkt_enctypes = <%= @enctypes.join(' ') %>
+<% end -%>
 
 [domain_realm]
   <%= @kerberos_realm.downcase %> = <%= @kerberos_realm %>