Added support for OpenBSD and added initial version of krb5.conf template.
This commit is contained in:
parent
b4ce8a5313
commit
d5a361c764
2 changed files with 74 additions and 7 deletions
|
|
@ -9,11 +9,16 @@ class kerberos::client {
|
|||
}
|
||||
}
|
||||
|
||||
file { "/etc/krb5.conf":
|
||||
ensure => present,
|
||||
mode => 0644,
|
||||
owner => root,
|
||||
group => $operatingsystem ? {
|
||||
file { "krb5.conf":
|
||||
path => $operatingsystem ? {
|
||||
openbsd => "/etc/kerberosV/krb5.conf",
|
||||
default => "/etc/krb5.conf",
|
||||
},
|
||||
ensure => present,
|
||||
content => template("kerberos/krb5.conf.erb"),
|
||||
mode => 0644,
|
||||
owner => root,
|
||||
group => $operatingsystem ? {
|
||||
openbsd => wheel,
|
||||
default => root,
|
||||
},
|
||||
|
|
@ -31,14 +36,47 @@ class kerberos::server inherits kerberos::client {
|
|||
}
|
||||
|
||||
|
||||
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "root", $mode = "0600") {
|
||||
# Create keytab file.
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# $name:
|
||||
# Keytab file path.
|
||||
# $principals:
|
||||
# List of principals to be added into keytab
|
||||
# $ensure:
|
||||
# Set to present to create keytab and absent to remove it
|
||||
# $owner:
|
||||
# Owner for keytab file
|
||||
# $group:
|
||||
# Group for keytab file
|
||||
# $mode:
|
||||
# Permissions for keytab file
|
||||
#
|
||||
# === Sample usage
|
||||
#
|
||||
# kerberos::keytab { "/etc/krb5.keytab":
|
||||
# ensure => present,
|
||||
# principals => [ "testhost.foo.sh@FOO.SH" ],
|
||||
# }
|
||||
#
|
||||
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "", $mode = "0600") {
|
||||
|
||||
case $group {
|
||||
"": {
|
||||
case $operatingsystem {
|
||||
openbsd: { $real_group = "wheel" }
|
||||
default: { $real_group = "root" }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { "${name}":
|
||||
ensure => $ensure,
|
||||
content => template("kerberos/keytab.erb"),
|
||||
mode => "${mode}",
|
||||
owner => "${owner}",
|
||||
group => "${group}",
|
||||
group => "${real_group}",
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
29
kerberos/templates/krb5.conf.erb
Normal file
29
kerberos/templates/krb5.conf.erb
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
[libdefaults]
|
||||
default_realm = <%= kerberos_realm %>
|
||||
dns_lookup_realm = false
|
||||
dns_lookup_kdc = false
|
||||
ticket_lifetime = 24h
|
||||
forwardable = yes
|
||||
|
||||
[domain_realm]
|
||||
<%= kerberos_realm.downcase %> = <%= kerberos_realm %>
|
||||
.<%= kerberos_realm.downcase %> = <%= kerberos_realm %>
|
||||
|
||||
[realms]
|
||||
<%= kerberos_realm -%> = {
|
||||
<% kerberos_kdc.each do |kdc| -%>
|
||||
kdc = <%= kdc %>
|
||||
<% end -%>
|
||||
admin_server = <% if has_variable?('kerberos_kadmin') %><%= kerberos_kadmin %><% else %><%= kerberos_kdc[0] %><% end %>
|
||||
}
|
||||
|
||||
<% if kernel == 'Linux' -%>
|
||||
[appdefaults]
|
||||
pam = {
|
||||
debug = false
|
||||
ticket_lifetime = 36000
|
||||
renew_lifetime = 36000
|
||||
forwardable = true
|
||||
krb4_convert = false
|
||||
}
|
||||
<% end -%>
|
||||
Loading…
Add table
Reference in a new issue