puppet-module-kerberos's Introduction

A Puppet module for managing MIT Kerberos clients and servers

License

BSD

Contact

[email protected]

Support

Please log tickets and issues at our Projects site

Example Use

# Kerberos server (kdc and kadmin)
class {'kerberos':
  master                => true,
  realm                 => 'EXAMPLE.ORG',
  kdc_database_password => 'secret',
}

# kerberos client
class {'kerberos':
  client            => true,
  realm             => 'EXAMPLE.ORG',
  domain_realm      => { '.example.org' => 'EXAMPLE.ORG', },
  kdcs              => ['cellserver.example.org'],
  admin_server      => 'cellserver.example.org',
  allow_weak_crypto => true,
}

Hiera Usage

Define all the main class parameters you'd like to change like this:

kerberos::realm: 'EXAMPLE.ORG'
kerberos::kdcs:
  - 'cellserver.example.org'

Forget about client => true. Just include or hiera_include() any of the following classes:

kerberos::client
kerberos::kdc::master
kerberos::kdc::slave

It is best to store passwords in Hiera; that way, you can have one set of test credentials and a different set of credentials for production servers. For example, in debug environments you might use realmone.local and realmtwo.local instead of realmone.com and realmtwo.com, which causes Puppet to pull your configuration from different .yaml files. Debug configuration could be checked into the repository, and production values could be stored in a more secure location.

kdc1.realmone.com.yaml:

  ---
  kerberos::principals:
    user1:
      password: secretsecret

kdc2.realmtwo.com.yaml:

  ---
  kerberos::principals:
    user2:
      password: p4ssw0rd!

production.yaml:

  ---
  kerberos::kdc_database_password: verylongsecurerandomlyproducedpassword

  trusted_realms:
    realms:
      - REALMONE.COM
      - REALMTWO.COM
    password: differentverylongsecurerandomlyproducedpassword
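
One way to enforce the debug/production split described above before a commit, as an added example that is not part of this module: it parses Hiera data files and reports every password key found in a file that is not a debug file. The `*.local.yaml` naming rule, the function names and the sample data are assumptions constructed for illustration.

```ruby
require 'yaml'

# Constructed sample Hiera data (file name => YAML text), modelled on the README.
SAMPLE_FILES = {
  'kdc1.realmone.local.yaml' => <<~EOS,
    ---
    kerberos::principals:
      user1:
        password: secretsecret
  EOS
  'production.yaml' => <<~EOS
    ---
    kerberos::kdc_database_password: verylongsecurerandomlyproducedpassword
    trusted_realms:
      password: differentverylongsecurerandomlyproducedpassword
  EOS
}.freeze

# Assumption: debug hosts use a .local realm, so their files end in .local.yaml.
def debug_file?(name)
  name.end_with?('.local.yaml')
end

# Walk parsed YAML and return the key path of every scalar stored under a *password key.
def password_paths(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      next password_paths(value, here) if value.is_a?(Hash) || value.is_a?(Array)
      key.to_s.match?(/password\z/i) ? [here.join(' -> ')] : []
    end
  when Array
    node.flat_map { |item| password_paths(item, path) }
  else
    []
  end
end

# Map each non-debug file to the password key paths it holds in plaintext.
def committed_secrets(files)
  files.each_with_object({}) do |(name, text), findings|
    next if debug_file?(name)
    paths = password_paths(YAML.safe_load(text))
    findings[name] = paths unless paths.empty?
  end
end

committed_secrets(SAMPLE_FILES).each { |file, paths| puts "#{file}: #{paths.join(', ')}" }
```

A non-empty result means production credentials are about to land in the repository alongside the debug data.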

You can also define an additional [capaths] section, or add additional realms to your [realms] section, with Hiera:

capaths.yaml:

  ---
  kerberos::capaths:
    'EXAMPLE.COM':
      - 'OTHER-REALM.COM': '.'
    'US.EXAMPLE.COM':
      - 'OTHER-REALM.COM': 'EXAMPLE.COM'

extra_realms.yaml:

  ---
  kerberos::extra_realms:
    'EXAMPLE.COM':
      - 'kdc': 'kdc1.example.com'
      - 'kdc': 'kdc2.example.com'
      - 'kdc': 'kdc3.example.com'
    'OTHER-REALM.COM':
      - 'kdc': 'kdc1.other-realm.com'
      - 'kdc': 'kdc2.other-realm.com'
