Resource Type: krb5_acl

Defined in:

lib/puppet/type/krb5_acl.rb

Providers:

manage_entry

Overview

Manages krb5 kadmind ACL entries per kadmind(8). When removing an entry, you can specify a regex for the operation_target and all associated entries will be removed.

Properties

• ensure (defaults to: present)

  The basic property that the resource should be in.

  Supported values:

  • present
  • absent
• operation_mask

  The operation mask per kadmind(8). Be aware that lower case activates a mask and upper case deactivates it

  Supported values:

  • %r{^([admcilpADMCILP]+|[x*])$}

Parameters

• name (namevar)

  A required, but meaningless, name

• operation_target (defaults to: undef)

  An optional partially, or fully, qualified Kerberos 5 principal name upon which ‘principal’ is allowed to operate. If this is specified, the ‘principal’, ‘operation_mask’, and ‘ensure’ options will be restricted. This must be specified as a ruby regex without ‘/’ in the case of ensure => ‘absent’.

• principal

  The partially, or fully, qualified Kerberos 5 principal name. This is what must appear as the usual ‘name’ of the resource.

• provider

  The specific backend to use for this ‘krb5_acl` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

• target (defaults to: /var/kerberos/krb5kdc/kadm5.acl)

  The ACL file upon which to operate