kerberos: Added support for kerberos::auth for resolving kdc servers using DNS SRV records.

2014-01-22 21:37:34 +02:00 · 2014-01-22 21:37:34 +02:00 · f005508d1f
commit f005508d1f
parent e3383a2433
1 changed files with 3 additions and 3 deletions
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@ -86,7 +86,8 @@ class kerberos::kstart {
 #       Kerberos realm name.
 #
 #   $kerberos_kdc:
-#       Array containing list of Kerberos KDC servers.
+#       Array containing list of Kerberos KDC servers. Default is to
+#       find servers using DNS SRV records.
 #
 #   $kerberos_kadmin:
 #       Kerberos admin server address. Defaults to first KDC server.
@ -100,14 +101,13 @@ class kerberos::auth {
    include pam::common

    include kerberos::client
-    $kdclist = inline_template('<%= @kerberos_kdc.join(" ") -%>')

    case $::operatingsystem {
        "centos","redhat","fedora": {
            package { "pam_krb5":
                ensure => installed,
            }
-            exec { "authconfig --enablekrb5 --krb5kdc='${kdclist}' --krb5realm='${kerberos_realm}' --krb5adminserver='${kerberos_kadmin}' --update":
+            exec { "authconfig --enablekrb5 --update":
                path    => "/bin:/usr/bin:/sbin:/usr/sbin",
                unless  => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig",
                before  => Class["kerberos::client"],