-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathREADME
61 lines (46 loc) · 2.26 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
This is a puppet module for managing krb5 libs and krb5.conf
This module now support Debian 6, CentOS and Ubuntu
Module depend on 'ripienaar/concat' module, when i have been writing and testing module i use last version from http://github.com/ripienaar/puppet-concat
As a base i use next module http://agileinf.web.cern.ch/agileinf/gitweb?p=punch-modules.git;a=tree;f=kerberos;hb=HEAD
Also as a template i use saz/ntp module.
Thanks to all contributors.
Sample usage:
You can configure thru 'krb5' class next things:
autoupgrade - Upgrade packages automatically, if there is a newer version.
Default: true.
ensure - Ensure if present or absent.
Default: present.
package - Name of the package (or packages). Only set this, if your platform is not supported or you know, what you're doing.
Default: auto-set (in params.pp), platform specific
config_file - Main configuration file. Only set this, if your platform is not supported or you know, what you're doing.
Default: auto-set (in params.pp), platform specific
config_file_static - Copy configuration file from specified location. Set location if you want to replicate static config file.
Default: undef
class{ 'krb5':
config_file => '/tmp/krb5.conf',
package => [ 'libkrb53', 'krb5-user' ]
}
You can configure thru 'krb5::config' part of libdefaults and appdefaults options:
Look at config.pp for supported options and it is default values.
class{ 'krb5::config':
krb5default => 'TEST.RU',
krb5ticket_lifetime => '25h',
krb5renew_lifetime => '120h',
krb5forwardable => 'true',
krb5proxiable => 'true',
krb5enctype => ['arcfour-hmac-md5','aes256-cts','aes128-cts','des3-cbc-sha1','des-cbc-md5','des-cbc-crc'],
krb5pam => {'external' => 'true',
'krb4_convert' => 'false',
'krb4_convert_524' => 'false',
'krb4_use_as_req' => 'false'
}
...
}
You can configure thru 'krb5::realm' class, your realms. For supported values, look at config.pp
krb5::realm{ 'TEST.RU':
default_domain => 'test.ru',
kdc => ['dc1.test.ru:88', 'dc2.test.ru:88' ],
kpasswd_server => 'kpass.test.ru',
admin_server => 'kadmin.test.ru',
v4_name_convert => { 'host' => { 'rcmd' => 'host' }
}