kerberos: Added support to kerberos::client for resolving kdc servers using DNS SRV records.

kerberos/manifests/init.pp

@@ -7,7 +7,8 @@
 #       Kerberos realm name.
 #
 #   $kerberos_kdc:
-#       Array containing list of Kerberos KDC servers.
+#       Array containing list of Kerberos KDC servers. Default is to
+#       find servers using DNS SRV records.
 #
 #   $kerberos_kadmin:
 #       Kerberos admin server address. Defaults to first KDC server.
@@ -18,6 +19,17 @@
 #
 class kerberos::client {
 
+    if !$kerberos_kadmin and $kerberos_kdc {
+        $kerberos_kadmin = $kerberos_kdc[0]
+    }
+    if !$kerberos_kpasswd and $kerberos_kdc {
+        $kerberos_kpasswd = $kerberos_kdc[0]
+    }
+
+    if !$kerberos_kdc {
+        $kerberos_kdc = []
+    }
+
     case $::operatingsystem {
         "centos","redhat","fedora": {
             package { "krb5-workstation":

kerberos/templates/krb5.conf.erb

@@ -1,7 +1,11 @@
 [libdefaults]
   default_realm = <%= @kerberos_realm %>
   dns_lookup_realm = false
+<% if @kerberos_kdc.count == 0 -%>
+  dns_lookup_kdc = true
+<% else -%>
   dns_lookup_kdc = false
+<% end -%>
   ticket_lifetime = 24h
   forwardable = yes
 
@@ -14,7 +18,9 @@
 <% @kerberos_kdc.each do |kdc| -%>
     kdc = <%= kdc %>
 <% end -%>
-    admin_server = <% if @kerberos_kadmin %><%= @kerberos_kadmin %><% else %><%= @kerberos_kdc[0] %><% end %>
+<% if @kerberos_kadmin -%>
+    admin_server = <%= @kerberos_kadmin %>
+<% end -%>
 <% if @kerberos_kpasswd -%>
     kpasswd_server = <%= @kerberos_kpasswd %>
 <% end -%>