Resource Type: krb5kdc_auto_keytabs
- Defined in: lib/puppet/type/krb5kdc_auto_keytabs.rb
- Providers: generate
Overview
Auto-generates principals and keytabs on a functional KDC and outputs the keytabs to a directory of the user’s choosing.
Can optionally take a hash of hosts, with associated principal metadata, to be created on the KDC. Will warn if you are attempting to add a host that does not have a valid REALM.
Properties
- ensure (defaults to: present)
  The state to enforce on the resource
  Supported values:
  - present
  - generated
  - absent
Parameters
- all_known (defaults to: false)
  Generate keytabs for any ‘host/.*’ entries known to the KDC.
  Supported values:
  - true
  - false
  - yes
  - no
- global_services
  The global services that should be applied to every auto-generated principal
- group (defaults to: group)
  The group that should own the generated keytabs. Defaults to ‘#:group’ when installing into a Puppet Environment and ‘root’ otherwise.
- hosts
  A Hash of hosts that should be managed in the KDC.
  The Hash format should be as follows:

      {
        'fqdn' => {
          'ensure'   => ('absent' | 'present')  # Required
          'realms'   => ['REALM1', 'REALM2']    # Optional. Will be auto-upcased
          'services' => ['svc1','svc2']         # Optional
        }
      }

  If `$global_services` is set, it will be added to the list of services for each host here.
- introspect (defaults to: true)
  Attempt to discover, and create, all relevant keytabs from data on the Puppet server.
  This will create host principals for discovered entities if they do not exist already!
  This takes a best guess from the SIMP default PKI key locations:
  * `${environmentpath}/${environment}/keydist`
  * `/var/simp/environments/${environment}/site_files/pki_files/files/keydist`
  If `$environmentpath` is not set, then `$confdir` will be substituted for `$environmentpath/$environment`
  Supported values:
  - true
  - false
  - yes
  - no
- name (namevar)
  The output directory to which to write the keytabs
  If set to `__default__`, the directory will be either `/var/simp/environments/$environment/site_files/krb5_files/files/keytabs` or `/var/kerberos/krb5kdc/generated_keytabs`, depending on which target path exists.
- provider
  The specific backend to use for this `krb5kdc_auto_keytabs` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
- purge (defaults to: true)
  Remove all unmanaged keytabs from the `$name` directory
  Supported values:
  - true
  - false
  - yes
  - no
- realms (defaults to: Facter.value(:domain))
  The realms under which the hosts should be generated
- user (defaults to: root)
  The user that should own the generated keytabs. Defaults to ‘#:user’ when installing into a Puppet Environment and ‘root’ otherwise.
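
A declaration that sets the parameters above explicitly instead of relying on their defaults, as an added example that is not part of the module's own documentation. The host names, realm and service names are constructed, and passing `global_services` as an array is an assumption.

```puppet
# Added example; host names, realm and services are constructed values.
# The resource title is the namevar: the directory the keytabs are written to.
krb5kdc_auto_keytabs { '/var/kerberos/krb5kdc/generated_keytabs':
  ensure          => 'present',
  # Defaults to true, which creates host principals for entities discovered
  # under the keydist directories. Disabled here so that only the hosts
  # listed below are handled.
  introspect      => false,
  # Default value; do not generate keytabs for every 'host/.*' entry
  # known to the KDC.
  all_known       => false,
  # Default value; keytabs in the output directory that this resource
  # does not manage are removed.
  purge           => true,
  # Ownership of the generated keytab files.
  user            => 'root',
  group           => 'root',
  # Assumption: given as an array. Added to each host's list of services.
  global_services => ['nfs'],
  hosts           => {
    'web01.example.test' => {
      'ensure'   => 'present',           # Required
      'realms'   => ['example.test'],    # Optional; documented as auto-upcased
      'services' => ['HTTP'],            # Optional
    },
    'retired01.example.test' => {
      'ensure' => 'absent',
    },
  },
}
```

A keytab holds the long-term keys of the principals in it, so the output directory and the `user`/`group` owners determine who can authenticate as those hosts.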