From b6ef635becbbe6609316fab2753ca567591979f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Wed, 18 Apr 2012 17:36:11 +0300
Subject: [PATCH] Added acl list to kerberos admin server.

---
 kerberos/manifests/init.pp | 10 ++++++++++
 kerberos/templates/kadm5.acl.erb | 1 +
 2 files changed, 11 insertions(+)
 create mode 100644 kerberos/templates/kadm5.acl.erb

diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp
index ab51419..cc73818 100644
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@@ -142,6 +142,16 @@ class kerberos::server inherits kerberos::client {
 subscribe => File["/etc/krb5.conf"],
 }
 
+ file { "/var/kerberos/krb5kdc/kadm5.acl":
+ ensure => present,
+ content => template("kerberos/kadm5.acl.erb"),
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ require => Package["krb5-server"],
+ notify => Service["kadmin"],
+ }
+
 service { "kadmin":
 ensure => running,
 enable => true,
diff --git a/kerberos/templates/kadm5.acl.erb b/kerberos/templates/kadm5.acl.erb
new file mode 100644
index 0000000..1c4d269
--- /dev/null
+++ b/kerberos/templates/kadm5.acl.erb
@@ -0,0 +1 @@
+puppet/admin@<%= kerberos_realm %> ci */*@<%= kerberos_realm %>
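Review bot: `ensure => present` on the new `kadm5.acl` resource is satisfied by whatever already exists at that path, since Puppet documents `present` as accepting any form of file existence. For an access-control file I would pin the type to a regular file with `ensure => file,`. The class body and the `service { "kadmin": ... }` resource continue outside the hunk, so whether anything else manages this path is not visible here.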
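Review bot: The target pattern `*/*@<%= kerberos_realm %>` on the new ACL line matches every two-component principal in the realm, which includes `kadmin/admin`, the `krbtgt` principal and any `<user>/admin` principals. With the `c` (change password) permission, `puppet/admin` can therefore change the keys of full administrators, so compromising the Puppet credential amounts to compromising the realm. If the intent is only to let Puppet manage keytabs for machine and service principals (an assumption, since the callers are not visible here), narrow the target to those classes, one line per class, for example `puppet/admin@<%= kerberos_realm %> ci host/*@<%= kerberos_realm %>`. A leading `#` comment line saying that the file is Puppet-managed and what `ci` is meant to allow would also help the next reader.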