Initial version of kerberos::auth class.

2011-10-20 15:31:07 +03:00 · 2011-10-20 15:31:07 +03:00 · 90f329e53e
commit 90f329e53e
parent e1007ae1a6
1 changed files with 42 additions and 1 deletions
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@ -20,7 +20,7 @@ class kerberos::client {

    case $operatingsystem {
 	centos,fedora: {
-	    package { ["krb5-workstation", "pam_krb5"]:
+	    package { "krb5-workstation":
 		ensure => installed,
 	    }
 	}
@ -44,6 +44,47 @@ class kerberos::client {
 }


+# Configure kerberos authentication
+#
+# === Global variables
+#
+#   $kerberos_realm:
+#       Kerberos realm name.
+#
+#   $kerberos_kdc:
+#       Array containing list of Kerberos KDC servers.
+#
+#   $kerberos_kadmin:
+#       Kerberos admin server address. Defaults to first KDC server.
+#
+#   $kerberos_kpasswd:
+#       Kerberos password change server address. Defaults to first
+#       KDC server.
+#
+class kerberos::auth {
+
+    include kerberos::client
+    $kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>')
+
+    case $operatingsystem {
+        "centos": {
+            package { "pam_krb5":
+                ensure => installed,
+            }
+            exec { "authconfig --enablekrb5 --krb5kdc='${kdclist}' --krb5realm='${kerberos_realm}' --krb5adminserver='${kerberos_kadmin}' --update":
+                path    => "/bin:/usr/bin:/sbin:/usr/sbin",
+                unless  => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig",
+                before  => Class["kerberos::client"],
+                require => Package["pam_krb5"],
+            }
+        }
+        default: {
+            fail("kerberos::auth not supported on ${operatingsystem}")
+        }
+    }
+}
+
+
 class kerberos::server inherits kerberos::client {

    package { "heimdal-server":