Resource Type: krb5_acl

Defined in:
lib/puppet/type/krb5_acl.rb
Providers:
manage_entry

Overview

Manages krb5 kadmind ACL entries per kadmind(8). When removing an entry, you can specify a regex for the operation_target and all associated entries will be removed.

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • operation_mask

    The operation mask per kadmind(8). Be aware that a lowercase letter activates a mask and the uppercase letter deactivates it.

    Supported values:
    • %r{^([admcilpADMCILP]+|[x*])$}

Parameters

  • name (namevar)

    A required, but meaningless, name

  • operation_target (defaults to: undef)

    An optional partially or fully qualified Kerberos 5 principal name upon which ‘principal’ is allowed to operate. If this is specified, the ‘principal’, ‘operation_mask’, and ‘ensure’ options will be restricted. This must be specified as a Ruby regex without ‘/’ in the case of ensure => ‘absent’.

  • principal

    The partially or fully qualified Kerberos 5 principal name. This is what must appear as the usual ‘name’ of the resource.

  • provider

    The specific backend to use for this ‘krb5_acl’ resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • target (defaults to: /var/kerberos/krb5kdc/kadm5.acl)

    The ACL file upon which to operate
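
Added example (not the module's provider code): a dry-run preview of which ACL lines an ensure => ‘absent’ resource would select when operation_target is a regex, as described in the Overview and under operation_target. It assumes the "principal mask [target]" line layout from kadmind(8), exact matching on the principal, and unanchored regex matching on the target; the helper names and sample ACL are constructed.

```ruby
# Added illustration; not the krb5_acl provider's code.
# Mask pattern copied from the operation_mask property above.
MASK_RE = %r{^([admcilpADMCILP]+|[x*])$}

AclEntry = Struct.new(:principal, :mask, :target)

# Parse kadm5.acl text into entries. The "principal mask [target]" layout is
# assumed from kadmind(8); blank lines and '#' comments are skipped.
def parse_acl(text)
  text.each_line.filter_map do |line|
    fields = line.strip.split(/\s+/)
    next if fields.empty? || fields[0].start_with?('#')
    raise ArgumentError, "bad mask in: #{line.strip}" unless fields[1].to_s.match?(MASK_RE)
    AclEntry.new(fields[0], fields[1], fields[2])
  end
end

# Entries an absent resource for `principal` would select when operation_target
# is a regex source string (written without '/', as the page requires).
# Assumptions: exact principal match; pattern applied unanchored to the target.
def removal_candidates(entries, principal, target_pattern)
  re = Regexp.new(target_pattern)
  entries.select { |e| e.principal == principal && e.target && e.target.match?(re) }
end

# Constructed sample ACL; not taken from any real KDC.
SAMPLE_ACL = <<~ACL
  # constructed example
  */admin@EXAMPLE.COM      *
  helpdesk@EXAMPLE.COM     ci      web@EXAMPLE.COM
  helpdesk@EXAMPLE.COM     ci      intraweb@EXAMPLE.COM
  helpdesk@EXAMPLE.COM     cmi     db@EXAMPLE.COM
  auditor@EXAMPLE.COM      ilADMC
ACL

if __FILE__ == $PROGRAM_NAME
  entries = parse_acl(SAMPLE_ACL)
  # Loose pattern: also selects the intraweb@ entry.
  p removal_candidates(entries, 'helpdesk@EXAMPLE.COM', 'web@').map(&:target)
  # Anchored and escaped pattern: selects only the intended entry.
  p removal_candidates(entries, 'helpdesk@EXAMPLE.COM', '^web@EXAMPLE\.COM$').map(&:target)
end
```

Running the preview against a copy of the target file before applying the resource shows whether the pattern removes more entries than intended.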