roles/krb5: New krb5_no_default_domain setting

roles/krb5/defaults/main.yml

@@ -8,6 +8,7 @@ krb5_realm:
 krb5_servers:
 krb5_dns_lookup_realm: "false"
 krb5_dns_lookup_kdc: "false"
+krb5_no_default_domain: "false"
 krb5_default_ccache_name: KEYRING:persistent:%{uid}
 
 krb5_pkinit_anchors: FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem

roles/krb5/tasks/main.yml

@@ -13,8 +13,9 @@
 - name: Template krb5.conf
   template:
     src: krb5.conf.j2
-    dest: /etc/krb5.conf
-    backup: yes
+    dest: "{{ krb5_conf }}"
+    backup: no
     owner: root
     group: root
     mode: 0644
+    force: yes

roles/krb5/templates/krb5.conf.j2

@@ -20,7 +20,9 @@ includedir {{ krb5_include_d }}
     admin_server = {{ server }}:749
     kpasswd_server = {{ server }}:464
 {% endfor %}
+{% if krb5_no_default_domain | bool %}
     default_domain = {{ krb5_realm | lower }}
+{% endif %}
     pkinit_anchors = {{ krb5_pkinit_anchors }}
     pkinit_pool = {{ krb5_pkinit_pool }}
   }