host_keytab_facts

pdk
A structured fact containing information about `/etc/krb5.keytab`

681 downloads

681 latest version

5.0 quality score

Version information

  • 0.1.0 (latest)
released Apr 5th 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • CentOS
    ,
    OracleLinux
    ,
    RedHat
    ,
    Scientific
    ,
    Debian
    ,
    Ubuntu
    ,
    Fedora
    ,
    SLES

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jcpunk-host_keytab_facts', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jcpunk-host_keytab_facts
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jcpunk-host_keytab_facts --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

jcpunk/host_keytab_facts — version 0.1.0 Apr 5th 2022

host_keytab_facts

A structured fact containing information about /etc/krb5.keytab

Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality
  3. Limitations - OS compatibility, etc.

Description

If your host has a keytab in /etc/krb5.keytab and the klist utility installed, this module will provide a structured fact about the content.

The format is [principal][kvno][enc_type] = timestamp for example:

      {
        'HTTP/testify.example.com@EXAMPLE.COM' => {
          '3' => {
            '(DEPRECATED:des-cbc-crc)' => '10/07/2019 14:39:44',
            '(DEPRECATED:des3-hmac-sha1)' => '10/07/2019 14:39:44',
            '(aes128-cts-hmac-sha1-96)' => '10/07/2019 14:39:44',
            '(aes256-cts-hmac-sha1-96)' => '10/07/2019 14:39:44'
          }
        },
        'host/testify.example.com@EXAMPLE.COM' => {
          '2' => {
            '(DEPRECATED:des-cbc-crc)' => '10/07/2017 13:03:17'
          },
          '3' => {
            '(DEPRECATED:des-cbc-crc)' => '10/07/2019 14:39:44',
            '(DEPRECATED:des3-hmac-sha1)' => '10/07/2019 14:39:44',
            '(aes128-cts-hmac-sha1-96)' => '10/07/2019 14:39:44',
            '(aes256-cts-hmac-sha1-96)' => '10/07/2019 14:39:44'
          }
        },
        'nfs/testify.example.com@EXAMPLE.COM' => {
          '3' => {
            '(DEPRECATED:des-cbc-crc)' => '10/07/2019 14:39:44',
            '(DEPRECATED:des3-hmac-sha1)' => '10/07/2019 14:39:44',
            '(aes128-cts-hmac-sha1-96)' => '10/07/2019 14:39:44',
            '(aes256-cts-hmac-sha1-96)' => '10/07/2019 14:39:44'
          }
        }
      }

Usage

It is a fact, so long as the clients meet the requirements, it should be automatic.

Limitations

This fact only exists on Linux hosts with /etc/krb5.keytab present (and in the right format) that have ktutil in $PATH.

Development

Development happens in the git repo linked here.