tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

kerberos: Added support for kerberos::auth for resolving kdc servers using DNS SRV records.

Browse source
This commit is contained in:
Timo Makinen 2014-01-22 21:37:34 +02:00
parent e3383a2433
commit f005508d1f
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
kerberos/manifests/init.pp
View file

@ -86,7 +86,8 @@ class kerberos::kstart {
# Kerberos realm name. # Kerberos realm name.
# #
# $kerberos_kdc: # $kerberos_kdc:
# Array containing list of Kerberos KDC servers. # Array containing list of Kerberos KDC servers. Default is to
# find servers using DNS SRV records.
# #
# $kerberos_kadmin: # $kerberos_kadmin:
# Kerberos admin server address. Defaults to first KDC server. # Kerberos admin server address. Defaults to first KDC server.
@ -100,14 +101,13 @@ class kerberos::auth {
include pam::common include pam::common
include kerberos::client include kerberos::client
$kdclist = inline_template('<%= @kerberos_kdc.join(" ") -%>')
case $::operatingsystem { case $::operatingsystem {
"centos","redhat","fedora": { "centos","redhat","fedora": {
package { "pam_krb5": package { "pam_krb5":
ensure => installed, ensure => installed,
} }
exec { "authconfig --enablekrb5 --krb5kdc='${kdclist}' --krb5realm='${kerberos_realm}' --krb5adminserver='${kerberos_kadmin}' --update": exec { "authconfig --enablekrb5 --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig", unless => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig",
before => Class["kerberos::client"], before => Class["kerberos::client"],