roles/krb5: Compatibility for ipa 4.4 and later

New variables have been added (undefined by default): krb5_dns_canonicalize_hostname krb5_pkinit_anchors krb5_pkinit_pool These are set according to the ipa version requirements. See roles/ipaclient/tasks/install.yml
2026-06-11 11:15:55 +00:00 · 2017-09-14 14:02:16 +02:00
parent a5fb29566f
commit 0b4aec7b6a
4 changed files with 28 additions and 9 deletions
--- a/roles/krb5/defaults/main.yml
+++ b/roles/krb5/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
-krb5_conf: /etc/krb5.conf
-krb5_conf_d: /etc/krb5.conf.d/ #paths.COMMON_KRB5_CONF_DIR
-krb5_include_d: /var/lib/sss/pubconf/krb5.include.d/ #paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR
 krb5_packages: krb5-workstation
+krb5_conf: /etc/krb5.conf
+krb5_conf_d: /etc/krb5.conf.d/ # paths.COMMON_KRB5_CONF_DIR
+krb5_include_d: /var/lib/sss/pubconf/krb5.include.d/ # paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR

 krb5_realm:
 krb5_servers:
@@ -10,6 +10,3 @@ krb5_dns_lookup_realm: "false"
 krb5_dns_lookup_kdc: "false"
 krb5_no_default_domain: "false"
 krb5_default_ccache_name: KEYRING:persistent:%{uid}
-
-krb5_pkinit_anchors: FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
-krb5_pkinit_pool: FILE:/var/lib/ipa-client/pki/ca-bundle.pem