epfl_sso

pdk
UNIX single sign-on using EPFL's LDAP and Kerberos servers

EPFL STI-IT

epflsti

21,978 downloads

370 latest version

3.1 quality score

Version information

  • 1.2.1 (latest)
  • 1.2.0
  • 1.1.8
  • 1.1.7
  • 1.1.6
  • 1.1.5
  • 1.1.4
  • 1.1.3
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.8.6
  • 0.8.5
  • 0.8.4
  • 0.8.3
  • 0.8.2
  • 0.8.1
  • 0.8.0
  • 0.7.0
  • 0.6.6
  • 0.6.5
  • 0.6.4
  • 0.6.3
  • 0.6.2
  • 0.6.1
  • 0.6.0
  • 0.5.10
  • 0.5.9
  • 0.5.8
  • 0.5.7
  • 0.5.6
  • 0.5.5
  • 0.5.4
  • 0.5.3
  • 0.5.2
  • 0.5.1
  • 0.5.0
  • 0.4.14
  • 0.4.13
  • 0.4.12
  • 0.4.10
  • 0.4.9
  • 0.4.8
  • 0.4.7
  • 0.4.6
  • 0.4.5
  • 0.4.4
  • 0.4.3
  • 0.4.2
  • 0.4.1
  • 0.3.0
  • 0.2.5
  • 0.2.4
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.2.0
released Feb 5th 2021
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • CentOS
    ,
    RedHat
    ,
    Scientific
    ,
    Debian
    ,
    Ubuntu

Start using this module

Documentation

epflsti/epfl_sso — version 1.2.1 Feb 5th 2021

puppet.epfl_sso

UNIX single sign-on using EPFL's LDAP and Kerberos servers

Apply one-shot

Install Puppet agent

  • Version 4 or higher is preferred
  • Version 3 is being end-of-lined, and only versions 3.8.x or higher are supported

Then, as root:

  1. If you are attempting to join the domain for the first time (i.e. join_domain => true; see below) this will stop mid-way with an error message that directs you to join the domain interactively. Here is how that could go: kinit AD123456 /usr/local/sbin/adjoin join OU=iccluster,OU=IC,DC=intranet,DC=epfl,DC=ch
  2. Run the puppet apply command line from step 3 once more, this time to completion hopefully
  3. If home automounting was requested (i.e. ad_automount_home => true), reboot

Apply as part of a Puppet server + agent deployment

Refer to the Puppet documentation

Class Parameters (Examples)

💡 For the complete reference, see the comments at the top of init.pp

“Bells and whistles” configuration, if you are in command of a suitably powerful ADsciper account:

Poor man's “computer-object-less” configuration for unaccredited administrators: Kerberos outbound-only, no roaming /home, but still the same UIDs, passwords and (mostly) same groups as everyone else:

Development

To work off the latest ("master") version of epfl_sso:

  1. Be sure to remove previous version: puppet module uninstall epflsti-epfl_sso (add --ignore-changes if needed)
  2. Go in the puppet folder: cd /etc/puppet/code/modules (your mileage may vary on different distributions)
  3. Remove epfl_sso (but it should have been done at step 1)
  4. Clone the repo here: git clone https://gitlab.com/epfl-sti/puppet.epfl_sso.git epfl_sso