roles/krb5: Compatibility for ipa 4.4 and later

New variables have been added (undefined by default): krb5_dns_canonicalize_hostname krb5_pkinit_anchors krb5_pkinit_pool These are set according to the ipa version requirements. See roles/ipaclient/tasks/install.yml
2026-06-11 19:25:54 +00:00 · 2017-09-14 14:02:16 +02:00
parent a5fb29566f
commit 0b4aec7b6a
4 changed files with 28 additions and 9 deletions
--- a/roles/krb5/templates/krb5.conf.j2
+++ b/roles/krb5/templates/krb5.conf.j2
@@ -6,7 +6,9 @@ includedir {{ krb5_include_d }}
  dns_lookup_realm = {{ krb5_dns_lookup_realm }}
  dns_lookup_kdc = {{ krb5_dns_lookup_kdc }}
  rdns = false
-  dns_canonicalize_hostname = false
+{% if krb5_dns_canonicalize_hostname is defined %}
+  dns_canonicalize_hostname = {{ krb5_dns_canonicalize_hostname }}
+{% endif %}
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 0
@@ -23,8 +25,12 @@ includedir {{ krb5_include_d }}
 {% if krb5_no_default_domain | bool %}
    default_domain = {{ krb5_realm | lower }}
 {% endif %}
+{% if krb5_pkinit_anchors is defined %}
    pkinit_anchors = {{ krb5_pkinit_anchors }}
+{% endif %}
+{% if krb5_pkinit_pool is defined %}
    pkinit_pool = {{ krb5_pkinit_pool }}
+{% endif %}
  }

 [domain_realm]