Module to manage the kerberos config file and client packages.
This module has been tested to work on the following systems with the latest
Puppet v3, v3 with future parser, v4, v5 and v6. See .travis.yml for the
exact matrix of supported Puppet and ruby versions.
- Debian
- EL 6
- EL 7
- EL 8
- Suse
- Solaris 10
- Solaris 11
Value for default in [logging] section of krb5.conf.
- Default: 'FILE:/var/log/krb5libs.log'
Value for kdc in [logging] section of krb5.conf.
- Default: 'FILE:/var/log/krb5kdc.log'
Value for admin_server in [logging] section of krb5.conf.
- Default: 'FILE:/var/log/kadmind.log'
Value for krb524d in [logging] section of krb5.conf.
- Default: undef
Value for default_realm in [libdefaults] section of krb5.conf. Default realm.
- Default: undef
Value for dns_lookup_realm in [libdefaults] section of krb5.conf. To use dns to lookup realm.
- Default: undef
Value for dns_lookup_kdc in [libdefaults] section of krb5.conf. To use dns to lookup kdc.
- Default: undef
Value for ticket_lifetime in [libdefaults] section of krb5.conf.
- Default: undef
Value for default_ccache_name in [libdefaults] section of krb5.conf. This setting is supported by Kerberos version >= v1.11.
- Default: undef
Value for default_keytab_name in [libdefaults] section of krb5.conf. Name of keytab file.
- Default: undef
Value for forwardable in [libdefaults] section of krb5.conf. If ticket is forwardable.
- Default: undef
Value for allow_weak_crypto in [libdefaults] section of krb5.conf. If weak encryption types are allowed.
- Default: undef
Value for proxiable in [libdefaults] section of krb5.conf. If ticket is proxiable.
- Default: undef
Value for rdns in [libdefaults] section of krb5.conf. If reverse DNS resolution should be used.
- Default: undef
Value for default_tkt_enctypes in [libdefaults] section of krb5.conf.
- Default: undef
Value for default_tgs_enctypes in [libdefaults] section of krb5.conf.
- Default: undef
Content for [realms] section of krb5.conf. List of kerberos domains (hash with nested arrays). Order is retained in the result.
- Default: {}
krb5::realms:
'EXAMPLE.COM':
default_domain:
- 'example.com'
kdc:
- 'kdc1.example.com:88'
- 'kdc2.example.com:88'
admin_server:
- 'kdc1.example.com:749'
- 'kdc2.example.com:749'Create this [realms] section in krb5.conf.
[realms]
EXAMPLE.COM = {
default_domain = example.com
kdc = kdc1.example.com:88
kdc = kdc2.example.com:88
admin_server = kdc1.example.com:749
admin_server = kdc2.example.com:749
}
Content for [appdefaults] section of krb5.conf. List of defaults for apps (hash with nested arrays). Order is retained in the result.
- Default: {}
krb5::appdefaults:
test:
'ticket_lifetime': '36000'
'forwardable': 'true'
'renew_lifetime': '36000'
'krb4_convert': 'false'
'debug': 'false'Create this [appdefaults] section in krb5.conf.
[appdefaults]
test = {
ticket_lifetime = 36000
forwardable = true
renew_lifetime = 36000
krb4_convert = false
debug = false
}
Content for [domain_realm] section of krb5.conf. List of domain realms (hash with nested arrays). Order is retained in the result.
- Default: {}
krb5::domain_realm:
'example.com': 'EXAMPLE.COM'Create this [domain_realm] section in krb5.conf.
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Array of the related kerberos packages. [] will choose the appropriate default for the system. Support for type string is deprecated.
- Default: []
Solaris specific: path to package adminfile.
- Default: undef
Solaris specific (mostly), package provider for $package, valid values are 'sun' and 'pkg'.
- Default: undef
Solaris specific (mostly): path to package source.
- Default: undef
Path to config file.
- Default: '/etc/krb5.conf'
Ensure attribute to be used for $krb5conf_file, valid values are 'present', 'absent', 'file', 'directory', and 'link'.
- Default: 'present'
File system owner of the config file.
- Default: 'root'
File system group of the config file.
- Default: 'root'
File mode in four digit octal notation to be used for $krb5conf_file.
- Default: '0644'
Create symlink /etc/krb5.keytab with target specified.
- Default: undef