Puppet Class: krb5::keytab

Defined in:
manifests/keytab.pp

Summary

Distribute Kerberos keytabs in a sane manner

Overview

Users are free to manage keytabs however they like, but using this class keeps keytab distribution consistent.

Parameters:

  • keytab_source (Any) (defaults to: "puppet:///modules/krb5_files/keytabs/${facts['networking']['fqdn']}")

    The `File` resource compatible source for the system keytab

  • owner (Any) (defaults to: 'root')

    The keytab file owner

  • group (Any) (defaults to: 'root')

    The keytab file group

  • mode (Any) (defaults to: '0400')

    The keytab file mode

Author:

  • Trevor Vaughan <tvaughan@onyxpoint.com>



# File 'manifests/keytab.pp', line 19

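class krb5::keytab (
  $keytab_source = "puppet:///modules/krb5_files/keytabs/${facts['networking']['fqdn']}",
  $owner         = 'root',
  $group         = 'root',
  $mode          = '0400'
){

  # Staging directory: a recursive copy of this host's keytabs from
  # $keytab_source, always root:root. With a numeric mode, Puppet adds the
  # search bit to directories wherever read is set, so files end up 0600
  # and directories 0700.
  file { '/etc/krb5_keytabs':
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => $keytab_source,
    recurse => true
  }

  # System keytab: copied from the local staging directory, so it is only
  # managed after the staging copy exists. Owner, group and mode come from
  # the class parameters.
  file { '/etc/krb5.keytab':
    ensure  => 'file',
    owner   => $owner,
    group   => $group,
    mode    => $mode,
    source  => 'file:///etc/krb5_keytabs/krb5.keytab',
    require => File['/etc/krb5_keytabs']
  }
}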
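
The following is an added example, not part of the krb5 module: a Python check that audits a node after this class has run, confirming that /etc/krb5.keytab and everything under /etc/krb5_keytabs carry the owner and mode the manifest declares. The function names are hypothetical, and it assumes root is uid/gid 0 and that staged directories are 0700 (Puppet adds the search bit to directories managed with a numeric mode).

```python
import os
import stat
import sys


def audit_path(path, owner, want_mode):
    """Return findings for one path; an empty list means it is compliant."""
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        return [f"{path}: missing"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != want_mode:
        findings.append(f"{path}: mode {mode:04o}, expected {want_mode:04o}")
    if (st.st_uid, st.st_gid) != tuple(owner):
        findings.append(f"{path}: owner {st.st_uid}:{st.st_gid}, "
                        f"expected {owner[0]}:{owner[1]}")
    return findings


def audit_keytabs(keytab="/etc/krb5.keytab", staging="/etc/krb5_keytabs",
                  keytab_owner=(0, 0), staging_owner=(0, 0), keytab_mode=0o400):
    """Audit the system keytab and the staging tree that krb5::keytab manages.

    Defaults mirror the class defaults (root:root, 0400), with uid/gid 0
    assumed for root. The staging tree is declared 0600 with recurse; Puppet
    adds the search bit to directories where read is set, hence 0700 for them.
    """
    findings = audit_path(keytab, keytab_owner, keytab_mode)
    if not os.path.isdir(staging):
        return findings + [f"{staging}: missing or not a directory"]
    for dirpath, dirnames, filenames in os.walk(staging):
        findings += audit_path(dirpath, staging_owner, 0o700)
        for name in dirnames:  # os.walk does not descend into symlinked dirs
            if os.path.islink(os.path.join(dirpath, name)):
                findings.append(f"{os.path.join(dirpath, name)}: is a symlink")
        for name in filenames:
            findings += audit_path(os.path.join(dirpath, name), staging_owner, 0o600)
    return findings


if __name__ == "__main__":
    problems = audit_keytabs()
    print("\n".join(problems) or "keytab permissions match the manifest")
    sys.exit(1 if problems else 0)
```

If the class is declared with a non-default owner, group or mode, pass the same values as keytab_owner and keytab_mode so the audit matches the catalog.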