Added support for OpenBSD and added initial version of krb5.conf template.
parent
b4ce8a5313
commit
d5a361c764
2 changed files with 74 additions and 7 deletions
|
@ -9,11 +9,16 @@ class kerberos::client {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/krb5.conf":
|
file { "krb5.conf":
|
||||||
ensure => present,
|
path => $operatingsystem ? {
|
||||||
mode => 0644,
|
openbsd => "/etc/kerberosV/krb5.conf",
|
||||||
owner => root,
|
default => "/etc/krb5.conf",
|
||||||
group => $operatingsystem ? {
|
},
|
||||||
|
ensure => present,
|
||||||
|
content => template("kerberos/krb5.conf.erb"),
|
||||||
|
mode => 0644,
|
||||||
|
owner => root,
|
||||||
|
group => $operatingsystem ? {
|
||||||
openbsd => wheel,
|
openbsd => wheel,
|
||||||
default => root,
|
default => root,
|
||||||
},
|
},
|
||||||
|
@ -31,14 +36,47 @@ class kerberos::server inherits kerberos::client {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "root", $mode = "0600") {
|
# Create keytab file.
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# $name:
|
||||||
|
# Keytab file path.
|
||||||
|
# $principals:
|
||||||
|
# List of principals to be added into keytab
|
||||||
|
# $ensure:
|
||||||
|
# Set to present to create keytab and absent to remove it
|
||||||
|
# $owner:
|
||||||
|
# Owner for keytab file
|
||||||
|
# $group:
|
||||||
|
# Group for keytab file
|
||||||
|
# $mode:
|
||||||
|
# Permissions for keytab file
|
||||||
|
#
|
||||||
|
# === Sample usage
|
||||||
|
#
|
||||||
|
# kerberos::keytab { "/etc/krb5.keytab":
|
||||||
|
# ensure => present,
|
||||||
|
# principals => [ "testhost.foo.sh@FOO.SH" ],
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "", $mode = "0600") {
|
||||||
|
|
||||||
|
case $group {
|
||||||
|
"": {
|
||||||
|
case $operatingsystem {
|
||||||
|
openbsd: { $real_group = "wheel" }
|
||||||
|
default: { $real_group = "root" }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
file { "${name}":
|
file { "${name}":
|
||||||
ensure => $ensure,
|
ensure => $ensure,
|
||||||
content => template("kerberos/keytab.erb"),
|
content => template("kerberos/keytab.erb"),
|
||||||
mode => "${mode}",
|
mode => "${mode}",
|
||||||
owner => "${owner}",
|
owner => "${owner}",
|
||||||
group => "${group}",
|
group => "${real_group}",
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
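Review bot: In the new `kerberos::keytab` body, the outer `case $group` has only the `""` branch, so `$real_group` is never assigned when a caller passes an explicit group, and `group => "${real_group}"` then interpolates an unset variable. A keytab holds long-term keys, so a caller who pairs a dedicated service group with a group-readable mode would silently not get the ownership they declared. Adding `default: { $real_group = $group }` to the outer case restores the old behaviour for explicit values. The `$group:` doc comment should also say that leaving it empty selects `wheel` on OpenBSD and `root` elsewhere.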
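--- a/kerberos/templates/krb5.conf.erb
+++ b/kerberos/templates/krb5.conf.erb
@@ -0,0 +1,29 @@
+[libdefaults]
+default_realm = <%= kerberos_realm %>
+dns_lookup_realm = false
+dns_lookup_kdc = false
+ticket_lifetime = 24h
+forwardable = yes
+
+[domain_realm]
+<%= kerberos_realm.downcase %> = <%= kerberos_realm %>
+.<%= kerberos_realm.downcase %> = <%= kerberos_realm %>
+
+[realms]
+<%= kerberos_realm -%> = {
+<% kerberos_kdc.each do |kdc| -%>
+kdc = <%= kdc %>
+<% end -%>
+admin_server = <% if has_variable?('kerberos_kadmin') %><%= kerberos_kadmin %><% else %><%= kerberos_kdc[0] %><% end %>
+}
+
+<% if kernel == 'Linux' -%>
+[appdefaults]
+pam = {
+debug = false
+ticket_lifetime = 36000
+renew_lifetime = 36000
+forwardable = true
+krb4_convert = false
+}
+<% end -%>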
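Review bot: The `[realms]` block uses `kerberos_kdc` as an array (`kerberos_kdc.each`, `kerberos_kdc[0]`) without checking it. Because `dns_lookup_kdc = false` disables DNS discovery, an empty list would render a realm with no `kdc` entries and a bare `admin_server =` line, leaving clients unable to locate a KDC. A guard at the top of the template would fail the catalog instead of shipping a broken config: `<% raise Puppet::ParseError, "kerberos_kdc must be a non-empty array" unless kerberos_kdc.is_a?(Array) && !kerberos_kdc.empty? -%>`. Separately, `forwardable = yes` in `[libdefaults]` makes every client request forwardable tickets by default; it may be worth driving this from a variable so hosts that do not need delegation can turn it off.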