Puppet Class: krb5

Inherited by:
krb5::kdc
krb5::config
Defined in:
manifests/init.pp

Summary

Kerberos 5 management and manipulation

Overview

This base class installs everything necessary for basic KRB client use.

We modify the default `/etc/krb5.conf` to use an include structure under `/etc/krb5.conf.simp.d`. Each `[subsection]` is broken out into a separate directory and all files in that directory are included.

Parameters:

  • ldap (Boolean) (defaults to: simplib::lookup('simp_options::ldap', { 'default_value' => false }))

    Configure the system to incorporate LDAP components

    • This presently does not set up the LDAP back-end for KRB5

  • firewall (Boolean) (defaults to: simplib::lookup('simp_options::firewall', { 'default_value' => false }))

    Use the SIMP iptables module

  • haveged (Boolean) (defaults to: simplib::lookup('simp_options::haveged', { 'default_value' => true }))

    Use the SIMP haveged module

  • enctypes (Array[String]) (defaults to: [ 'aes256-cts-hmac-sha1-96', 'aes128-cts-hmac-sha1-96' ])

    An Array of default permitted encryption types

Author:

  • Trevor Vaughan <tvaughan@onyxpoint.com>



# File 'manifests/init.pp', line 25

class krb5 (
  Boolean       $ldap     = simplib::lookup('simp_options::ldap', { 'default_value' => false }),
  Boolean       $firewall = simplib::lookup('simp_options::firewall', { 'default_value' => false }),
  Boolean       $haveged  = simplib::lookup('simp_options::haveged', { 'default_value' => true }),
  Array[String] $enctypes = [ 'aes256-cts-hmac-sha1-96', 'aes128-cts-hmac-sha1-96' ]
){

  simplib::assert_metadata($module_name)

  contain 'krb5::install'
  contain 'krb5::config'

  Class['krb5::install'] -> Class['krb5::config']
}
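An added example, not part of the module: a small audit that walks krb5.conf-style fragments, such as those collected from the include directories described above, and reports any encryption type outside the class's default `$enctypes` list. It assumes the enctype lists appear in the MIT krb5 `[libdefaults]` relations `permitted_enctypes`, `default_tkt_enctypes` and `default_tgs_enctypes`; which of these the module writes is not stated on this page, and the sample file names are constructed placeholders.

```python
import re

# Default $enctypes of the krb5 class, as listed on this page.
ALLOWED = {"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}
# MIT krb5 [libdefaults] relations that hold enctype lists (assumed audit scope).
ENCTYPE_KEYS = {"permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes"}


def audit_enctypes(files, allowed=ALLOWED):
    """Return sorted (file, key, enctype) findings for enctypes outside `allowed`.

    `files` maps a file name to its krb5.conf-style text.
    """
    findings = []
    for path, text in files.items():
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":      # blank line or comment
                continue
            header = re.fullmatch(r"\[(\w+)\]", line)
            if header:                            # e.g. [libdefaults]
                section = header.group(1)
                continue
            if section != "libdefaults" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key not in ENCTYPE_KEYS:
                continue
            # Lists may be separated by whitespace, commas, or both.
            for enc in re.split(r"[,\s]+", value):
                if enc and enc.lower() not in allowed:
                    findings.append((path, key, enc))
    return sorted(findings)


# Constructed sample input; the file names are placeholders, not the module's.
SAMPLE = {
    "constructed/libdefaults/10_defaults":
        "[libdefaults]\n  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96\n",
    "constructed/libdefaults/20_override":
        "[libdefaults]\n# legacy client support\n  default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96, arcfour-hmac\n",
}

if __name__ == "__main__":
    for path, key, enc in audit_enctypes(SAMPLE):
        print(f"{path}: {key} permits {enc}")
```
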