kerberos

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Limitations
  6. Development

Module Description

Install and configure kerberos clients

This makes the base configuration for kerberos clients on this system (krb5.conf and host keytab file). It does not configure final services like sshd or sssd.

Setup

What kerberos affects

Set krb5.conf content and default keytab path.

Setup Requirements

This module uses stdlib and hpclib decrypt() function.

Beginning with kerberos

Usage

class{'::kerberos':
  config_options => {
    'libdefaults' => {
      'default_realm'    => 'HPC.EXAMPLE.COM',
      'rdns'             => 'false',
      'dns_lookup_realm' => 'false',
      'dns_lookup_kdc'   => 'false',
      'forwardable'      => 'true',
    },
    'realms' => {
      'HPC.EXAMPLE.COM' => "
      {
        kdc = kdc1.hpc.example.com
        kdc = kdc2.hpc.example.com
        admin_server = kerberos.hpc.example.com
        kpasswd_server = kerberos.hpc.example.com
        default_domain = hpc.example.com
      }",
    },
    'domain_realm' => {
      '.example.com' => 'HPC.EXAMPLE.COM',
      'example.com'  => 'HPC.EXAMPLE.COM',
    },
  },
  decrypt_passwd => 'passW0rd',
}

Limitations

This module is mainly tested on Debian, but is meant to also work with RHEL and derivatives.

Development

Patches and issues can be submitted on GitHub: https://github.com/edf-hpc/puppet-hpc