From f005508d1fcf6f12e1d6f102f896239cfebab7cd Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Wed, 22 Jan 2014 21:37:34 +0200
Subject: [PATCH] kerberos: Added support for kerberos::auth for resolving kdc
 servers using DNS SRV records.

---
 kerberos/manifests/init.pp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp
index 70a8eaa..248a8e7 100644
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@@ -86,7 +86,8 @@ class kerberos::kstart {
 #       Kerberos realm name.
 #
 #   $kerberos_kdc:
-#       Array containing list of Kerberos KDC servers.
+#       Array containing list of Kerberos KDC servers. Default is to
+#       find servers using DNS SRV records.
 #
 #   $kerberos_kadmin:
 #       Kerberos admin server address. Defaults to first KDC server.
@@ -100,14 +101,13 @@ class kerberos::auth {
     include pam::common
 
     include kerberos::client
-    $kdclist = inline_template('<%= @kerberos_kdc.join(" ") -%>')
 
     case $::operatingsystem {
         "centos","redhat","fedora": {
             package { "pam_krb5":
                 ensure => installed,
             }
-            exec { "authconfig --enablekrb5 --krb5kdc='${kdclist}' --krb5realm='${kerberos_realm}' --krb5adminserver='${kerberos_kadmin}' --update":
+            exec { "authconfig --enablekrb5 --update":
                 path    => "/bin:/usr/bin:/sbin:/usr/sbin",
                 unless  => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig",
                 before  => Class["kerberos::client"],