New role for krb5

2026-06-11 19:25:54 +00:00 · 2017-08-24 12:38:15 +02:00
parent 3ae2a51c08
commit bd8e23f211
5 changed files with 79 additions and 0 deletions
--- a/roles/krb5/templates/krb5.conf.j2
+++ b/roles/krb5/templates/krb5.conf.j2
@@ -0,0 +1,31 @@
+includedir {{ krb5_conf_d }}
+includedir {{ krb5_include_d }}
+
+[libdefaults]
+  default_realm = {{ krb5_realm | upper }}
+  dns_lookup_realm = {{ krb5_dns_lookup_realm }}
+  dns_lookup_kdc = {{ krb5_dns_lookup_kdc }}
+  rdns = false
+  dns_canonicalize_hostname = false
+  ticket_lifetime = 24h
+  forwardable = true
+  udp_preference_limit = 0
+  default_ccache_name = {{ krb5_default_ccache_name }}
+
+[realms]
+  {{ krb5_realm | upper }} = {
+{% for server in krb5_servers %}
+    kdc = {{ server }}:88
+    master_kdc = {{ server }}:88
+    admin_server = {{ server }}:749
+    kpasswd_server = {{ server }}:464
+{% endfor %}
+    default_domain = {{ krb5_realm | lower }}
+    pkinit_anchors = {{ krb5_pkinit_anchors }}
+    pkinit_pool = {{ krb5_pkinit_pool }}
+  }
+
+[domain_realm]
+  .{{ krb5_realm | lower }} = {{ krb5_realm | upper }}
+  {{ krb5_realm | lower }} = {{ krb5_realm | upper }}
+  {{ ansible_host | lower }} = {{ krb5_realm | upper }}