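# Install and configure kerberos client
#
# Installs the Kerberos client packages on CentOS/Fedora and manages
# krb5.conf from the kerberos/krb5.conf.erb template on all platforms.
#
# === Global variables
#
#   $kerberos_realm:
#       Kerberos realm name.
#
#   $kerberos_kdc:
#       Array containing list of Kerberos KDC servers.
#
#   $kerberos_kadmin:
#       Kerberos admin server address. Defaults to first KDC server.
#
#   $kerberos_kpasswd:
#       Kerberos password change server address. Defaults to first
#       KDC server.
#
class kerberos::client {

    case $operatingsystem {
        centos,fedora: {
            package { ["krb5-workstation", "pam_krb5"]:
                ensure => installed,
            }
        }
        # Other platforms get only the configuration file below.
        default: { }
    }

    # krb5.conf carries no secrets, so it is world-readable; only root
    # (group wheel on OpenBSD) may modify it.
    file { "krb5.conf":
        ensure  => present,
        path    => $operatingsystem ? {
            openbsd => "/etc/kerberosV/krb5.conf",
            default => "/etc/krb5.conf",
        },
        content => template("kerberos/krb5.conf.erb"),
        # Quoted: a bare 0644 is parsed as a number by newer Puppet parsers
        # and rejected by the file type.
        mode    => "0644",
        owner   => "root",
        group   => $operatingsystem ? {
            openbsd => "wheel",
            default => "root",
        },
    }

}


# Install kerberos server
#
# Inherits the client configuration and additionally installs the
# heimdal-server package.
#
class kerberos::server inherits kerberos::client {

    package { "heimdal-server":
        ensure => installed,
    }

}


# Create keytab file.
#
# A keytab holds the long-term keys of the principals it lists, so read
# access to the file is equivalent to holding those credentials. Keep the
# default mode of 0600 unless a dedicated service account needs access, and
# then prefer changing $owner/$group over widening $mode.
#
# === Parameters
#
#   $name:
#       Keytab file path.
#   $principals:
#       List of principals to be added into keytab
#   $ensure:
#       Set to present to create keytab and absent to remove it
#   $owner:
#       Owner for keytab file
#   $group:
#       Group for keytab file. When empty, defaults to wheel on OpenBSD
#       and root elsewhere.
#   $mode:
#       Permissions for keytab file
#
# === Sample usage
#
# kerberos::keytab { "/etc/krb5.keytab":
#     ensure     => present,
#     principals => [ "host/testhost.foo.sh@FOO.SH" ],
# }
#
define kerberos::keytab($principals = [],
                        $ensure = present,
                        $owner = "root",
                        $group = "",
                        $mode = "0600") {

    # Resolve the platform's administrative group when none was given.
    case $group {
        "": {
            case $operatingsystem {
                openbsd: { $real_group = "wheel" }
                default: { $real_group = "root" }
            }
        }
        default: {
            $real_group = $group
        }
    }

    # NOTE(review): the key material is produced by kerberos/keytab.erb,
    # which is not visible here; confirm how it obtains the keys. Because
    # the content is managed inline, replaced versions can end up in the
    # filebucket and content diffs in reports. Consider adding
    # `backup => false` and, where the Puppet version supports it,
    # `show_diff => false` to this resource.
    file { $name:
        ensure  => $ensure,
        content => template("kerberos/keytab.erb"),
        mode    => $mode,
        owner   => $owner,
        group   => $real_group,
    }

}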