krb5

Generate krb5.conf

IvanBayan

IvanBayan

8,497 downloads

7,245 latest version

1.5 quality score

Version information

  • 0.0.3 (latest)
  • 0.0.2
  • 0.0.1
released Oct 15th 2014

Start using this module

Documentation

IvanBayan/krb5 — version 0.0.3 Oct 15th 2014

This is a puppet module for managing krb5 libs and krb5.conf

This module now support Debian 6, CentOS and Ubuntu Module depend on 'ripienaar/concat' module, when i have been writing and testing module i use last version from http://github.com/ripienaar/puppet-concat

As a base i use next module http://agileinf.web.cern.ch/agileinf/gitweb?p=punch-modules.git;a=tree;f=kerberos;hb=HEAD Also as a template i use saz/ntp module. Thanks to all contributors.

Sample usage:

You can configure thru 'krb5' class next things:

autoupgrade - Upgrade packages automatically, if there is a newer version. Default: true.

ensure - Ensure if present or absent. Default: present.

package - Name of the package (or packages). Only set this, if your platform is not supported or you know, what you're doing. Default: auto-set (in params.pp), platform specific

config_file - Main configuration file. Only set this, if your platform is not supported or you know, what you're doing. Default: auto-set (in params.pp), platform specific

config_file_static - Copy configuration file from specified location. Set location if you want to replicate static config file. Default: undef

class{ 'krb5': config_file => '/tmp/krb5.conf', package => [ 'libkrb53', 'krb5-user' ] }

You can configure thru 'krb5::config' part of libdefaults and appdefaults options:

Look at config.pp for supported options and it is default values.

class{ 'krb5::config': krb5default => 'TEST.RU', krb5ticket_lifetime => '25h', krb5renew_lifetime => '120h', krb5forwardable => 'true', krb5proxiable => 'true', krb5enctype => ['arcfour-hmac-md5','aes256-cts','aes128-cts','des3-cbc-sha1','des-cbc-md5','des-cbc-crc'], krb5pam => {'external' => 'true', 'krb4_convert' => 'false', 'krb4_convert_524' => 'false', 'krb4_use_as_req' => 'false' } ... }

You can configure thru 'krb5::realm' class, your realms. For supported values, look at config.pp

krb5::realm{ 'TEST.RU': default_domain => 'test.ru', kdc => ['dc1.test.ru:88', 'dc2.test.ru:88' ], kpasswd_server => 'kpass.test.ru', admin_server => 'kadmin.test.ru', v4_name_convert => { 'host' => { 'rcmd' => 'host' }
}