Defined Type: tomcat::krb5

Defined in:
manifests/krb5.pp

Overview

; for Windows 2003

; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

; for Windows 2008 with AES

; default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

; for MIT/Heimdal kdc no need to restrict encryption type puppet2sitepp @tomcatkerberos

Parameters:

  • realm (Any)
  • kdc (Any)
  • keytab_source (Any)
  • use_subject_creds_only (Any) (defaults to: false)
  • default_keytab (Any) (defaults to: undef)
  • servicename (Any) (defaults to: $name)
  • catalina_base (Any) (defaults to: "/opt/${name}")
  • enctypes (Any) (defaults to: [ 'aes256-cts', 'aes128-cts', 'rc4-hmac', 'des3-cbc-sha1', 'des-cbc-crc' ])
  • ensure (Any) (defaults to: 'present')


# File 'manifests/krb5.pp', line 17

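# Manages the Kerberos client files of one Tomcat instance: it writes
# conf/krb5.ini and conf/krb5.keytab under $catalina_base and, when ensure is
# 'present', declares the two JVM properties that point the JVM at them.
#
# @param realm Not referenced in this manifest; presumably read by the
#   krb5.erb template (confirm against the template).
# @param kdc Must be an array (enforced by validate_array); presumably read
#   by the krb5.erb template.
# @param keytab_source Puppet file source the keytab is copied from.
# @param use_subject_creds_only Value written to the JVM property
#   javax.security.auth.useSubjectCredsOnly.
# @param default_keytab Not referenced in this manifest; presumably read by
#   the krb5.erb template (confirm).
# @param servicename Title of the Service resource notified when either file
#   changes; also passed to tomcat::jvmproperty. undef disables the notify.
# @param catalina_base Instance directory; both files are placed in its conf/.
# @param enctypes Not referenced in this manifest; presumably read by the
#   krb5.erb template. NOTE(review): the default still lists rc4-hmac,
#   des3-cbc-sha1 and des-cbc-crc, which RFC 6649 and RFC 8429 deprecate for
#   Kerberos; pass an AES-only list wherever the KDC supports it.
# @param ensure 'present' or 'absent'; any other value fails the catalog.
# @param keytab_owner Owner of conf/krb5.keytab.
# @param keytab_group Group of conf/krb5.keytab.
# @param keytab_mode Mode of conf/krb5.keytab. The default is unchanged from
#   the previously hard-coded '0644' so existing catalogs behave the same.
define tomcat::krb5 (
                            $realm,
                            $kdc,
                            $keytab_source,
                            $use_subject_creds_only = false,
                            $default_keytab         = undef,
                            $servicename            = $name,
                            $catalina_base          = "/opt/${name}",
                            $enctypes               = [ 'aes256-cts', 'aes128-cts', 'rc4-hmac', 'des3-cbc-sha1', 'des-cbc-crc' ],
                            $ensure                 = 'present',
                            $keytab_owner           = 'root',
                            $keytab_group           = 'root',
                            $keytab_mode            = '0644',
                          ) {
  # Reject anything but an array for the KDC list.
  validate_array($kdc)

  # Resolve the service to notify; undef means "notify nothing".
  if($servicename!=undef)
  {
    $serviceinstance=Service[$servicename]
  }
  else
  {
    $serviceinstance=undef
  }

  case $ensure
  {
    'present':
    {
      #javax.security.auth.useSubjectCredsOnly=false
      tomcat::jvmproperty { "${catalina_base} javax.security.auth.useSubjectCredsOnly":
        property      => 'javax.security.auth.useSubjectCredsOnly',
        value         => $use_subject_creds_only,
        servicename   => $servicename,
        catalina_base => $catalina_base,
        require       => File["${catalina_base}/conf/krb5.ini"],
      }

      # redundant, just to be on the safe side: point the JVM at the
      # krb5.ini managed below
      tomcat::jvmproperty { "${catalina_base} java.security.krb5.conf":
        property      => 'java.security.krb5.conf',
        value         => "${catalina_base}/conf/krb5.ini",
        servicename   => $servicename,
        catalina_base => $catalina_base,
        require       => File["${catalina_base}/conf/krb5.ini"],
      }
    }
    'absent':
    {
      # Nothing is declared here: the two file resources below receive
      # ensure => absent. NOTE(review): the JVM properties set by a previous
      # 'present' run are not removed by this branch.
    }
    default:
    {
      fail('unsupported ensure for tomcat::krb5')
    }
  }

  # krb5.ini holds no secrets, so world-readable is acceptable here.
  file { "${catalina_base}/conf/krb5.ini":
    ensure  => $ensure,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => File["${catalina_base}/conf"],
    notify  => $serviceinstance,
    content => template("${module_name}/conf/krb5.erb"),
  }

  # The keytab stores the service principal's long-term keys, so any local
  # account able to read it can authenticate as the service. The defaults
  # (root:root, 0644) leave it world-readable and are kept only for backward
  # compatibility; set keytab_owner to the account Tomcat runs as and
  # keytab_mode to '0600' (or '0640' with a dedicated group).
  file { "${catalina_base}/conf/krb5.keytab":
    ensure  => $ensure,
    owner   => $keytab_owner,
    group   => $keytab_group,
    mode    => $keytab_mode,
    require => File["${catalina_base}/conf"],
    notify  => $serviceinstance,
    source  => $keytab_source,
  }
}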