Added acl list to kerberos admin server.

2012-04-18 17:36:11 +03:00 · 2012-04-18 17:36:11 +03:00 · b6ef635bec
commit b6ef635bec
parent 9def142f98
2 changed files with 11 additions and 0 deletions
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@ -142,6 +142,16 @@ class kerberos::server inherits kerberos::client {
        subscribe => File["/etc/krb5.conf"],
    }

+    file { "/var/kerberos/krb5kdc/kadm5.acl":
+        ensure  => present,
+        content => template("kerberos/kadm5.acl.erb"),
+        mode    => "0600",
+        owner   => "root",
+        group   => "root",
+        require => Package["krb5-server"],
+        notify  => Service["kadmin"],
+    }
+
    service { "kadmin":
        ensure  => running,
        enable  => true,
--- a/kerberos/templates/kadm5.acl.erb
+++ b/kerberos/templates/kadm5.acl.erb
@ -0,0 +1 @@
+puppet/admin@<%= kerberos_realm %> ci */*@<%= kerberos_realm %>
				`@ -0,0 +1 @@`
				`puppet/admin@<%= kerberos_realm %> ci /@<%= kerberos_realm %>`