edgester / puppet-module-kerberos Goto Github PK

Hi,

I've updated the test a little bit and added an acceptance test. Had some issues with testing the Master installation in Travis CI, so only the client is currently tested. However it should be easy to extend the tests in the future.

https://github.com/martialblog/puppet-module-kerberos/tree/refactor_tests

This is based on my previous Pull Request, so it's best to wait until it's merged and then I'm gonna rebase.

Feedback is welcome.
Cheers

New to Hiera and to Kerberos. So far all of the modules that I've used have used the standard classes rather than Hiera. Is it possible to use classes to add users? If not, what's the easiest way to do it?

Thanks!

I'm working on implementing a kerberos slave node and I'm getting the following error on a puppet convergence run.

Info: Caching catalog for kerberos-test-slave-internal.[DOMAIN]
Error: Failed to apply catalog: Could not find dependency Kerberos::Ktadd[/etc/krb5.keytab@host/kerberos-test-slave.[DOMAIN]] for Service[kpropd] at /etc/puppet/modules/kerberos/manifests/server/kpropd.pp:76

Could I be missing something in the kerberos slave yaml settings?

--David C

Hi!

How about to make new release?
There is a bunch of fixes from 2015.

It's a good practice to tag repos with the versions that are being released to the forge.

This is because most (I think) r10k or code manager users source from git urls as it's a little faster than sourcing from the forge.

Not doing it limits the uptake and usage of the module a bit.

Would you be able to put this in your process and tag the 0.3.1 release?

I haven't used this module but with a cursory look at the code I think I will prefer this one over others. :)

Hi,

I've encountered an error while using the Module and this might be due to this:

class kerberos::server::kprop (
$kprop_cron_path = $kerberos::kprop_cron_path,
$kprop_cron_hour = $kprop_cron_hour,

Fix provided here:
https://github.com/martialblog/puppet-module-kerberos/commit/5beb1486c5fe5d37ad7e9afcee195be5066c3e3c

Cheers,
Markus

@edgester, would you be amenable to a PR that adds the ability to specify appdefaults as a hash? This would be a pretty low-level implementation but similar to how extra realms are currently implemented.

I'm currently having to visit krb5.conf to add an include for appdefaults. I'd prefer to have the module just handle the configuration and keep my own hacks out of it.

Thoughts?

I'm not sure if I have this module figured out, but it seems like the docs in the readme should work for me. However they don't.

  include 'kerberos::client'

and hiera:

kerberos::realm: 'SJRB.AD'
kerberos::kdc_principals:
  svcopsJD:
    password: redacted
kerberos::kdc_trusted_realms:
    realms:
      - SJRB.AD
    password: redacted

Ultimately after this module I want to join a linux box to a domain.. using net ads join.

And I'm trying to get a kerberos ticket with this one.

ktinit user works with the supplied username and password.

kerberos::ticket_cache is the only class that runs a kinit, but not sure what the recommended way of calling that defined type is.. directly?

I won't have a keytab file, so I must use the password.

Hi Jason,

I'm now at a point where I'd like to package the module for Debian. A release would be very helpful for that, possiby even to PuppetForge?

Thanks!
Michael