82 lines
1.5 KiB
Puppet
82 lines
1.5 KiB
Puppet
|
|
class kerberos::client {
|
|
|
|
case $operatingsystem {
|
|
centos,fedora: {
|
|
package { ["krb5-workstation", "pam_krb5"]:
|
|
ensure => installed,
|
|
}
|
|
}
|
|
}
|
|
|
|
file { "krb5.conf":
|
|
path => $operatingsystem ? {
|
|
openbsd => "/etc/kerberosV/krb5.conf",
|
|
default => "/etc/krb5.conf",
|
|
},
|
|
ensure => present,
|
|
content => template("kerberos/krb5.conf.erb"),
|
|
mode => 0644,
|
|
owner => root,
|
|
group => $operatingsystem ? {
|
|
openbsd => wheel,
|
|
default => root,
|
|
},
|
|
}
|
|
|
|
}
|
|
|
|
|
|
class kerberos::server inherits kerberos::client {
|
|
|
|
package { "heimdal-server":
|
|
ensure => installed,
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Create keytab file.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# $name:
|
|
# Keytab file path.
|
|
# $principals:
|
|
# List of principals to be added into keytab
|
|
# $ensure:
|
|
# Set to present to create keytab and absent to remove it
|
|
# $owner:
|
|
# Owner for keytab file
|
|
# $group:
|
|
# Group for keytab file
|
|
# $mode:
|
|
# Permissions for keytab file
|
|
#
|
|
# === Sample usage
|
|
#
|
|
# kerberos::keytab { "/etc/krb5.keytab":
|
|
# ensure => present,
|
|
# principals => [ "host/testhost.foo.sh@FOO.SH" ],
|
|
# }
|
|
#
|
|
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "", $mode = "0600") {
|
|
|
|
case $group {
|
|
"": {
|
|
case $operatingsystem {
|
|
openbsd: { $real_group = "wheel" }
|
|
default: { $real_group = "root" }
|
|
}
|
|
}
|
|
}
|
|
|
|
file { "${name}":
|
|
ensure => $ensure,
|
|
content => template("kerberos/keytab.erb"),
|
|
mode => "${mode}",
|
|
owner => "${owner}",
|
|
group => "${real_group}",
|
|
}
|
|
|
|
}
|