tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/kerberos/manifests/init.pp

102 lines
1.9 KiB
Puppet
Raw Blame History

# Install and configure kerberos client
#
# === Global variables
#
# $kerberos_realm:
# Kerberos realm name.
#
# $kerberos_kdc:
# Array containing list of Kerberos KDC servers.
#
# $kerberos_kadmin:
# Kerberos admin server address. Defaults to first KDC server.
#
# $kerberos_kpasswd:
# Kerberos password change server address. Defaults to first
# KDC server.
#
class kerberos::client {
case $operatingsystem {
centos,fedora: {
package { ["krb5-workstation", "pam_krb5"]:
ensure => installed,
}
}
}
file { "krb5.conf":
path => $operatingsystem ? {
openbsd => "/etc/kerberosV/krb5.conf",
default => "/etc/krb5.conf",
},
ensure => present,
content => template("kerberos/krb5.conf.erb"),
mode => 0644,
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => root,
},
}
}
class kerberos::server inherits kerberos::client {
package { "heimdal-server":
ensure => installed,
}
}
# Create keytab file.
#
# === Parameters
#
# $name:
# Keytab file path.
# $principals:
# List of principals to be added into keytab
# $ensure:
# Set to present to create keytab and absent to remove it
# $owner:
# Owner for keytab file
# $group:
# Group for keytab file
# $mode:
# Permissions for keytab file
#
# === Sample usage
#
# kerberos::keytab { "/etc/krb5.keytab":
# ensure => present,
# principals => [ "host/testhost.foo.sh@FOO.SH" ],
# }
#
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "", $mode = "0600") {
case $group {
"": {
case $operatingsystem {
openbsd: { $real_group = "wheel" }
default: { $real_group = "root" }
}
}
default: {
$real_group = $group
}
}
file { "${name}":
ensure => $ensure,
content => template("kerberos/keytab.erb"),
mode => "${mode}",
owner => "${owner}",
group => "${real_group}",
}
}
Reference in a new issue View git blame Copy permalink