walkamongus / realmd

Puppet module for setting up realmd, SSSD, and a Kerberos client config
Apache License 2.0

krb_config section #61

Open alexandrud opened 5 years ago

alexandrud commented 5 years ago

Hi,

I don't know if this is an issue or a new feature request. I'm trying to use the manage_krb_config feature. The KRB config part looks something like this:

        manage_krb_config       => true,
        krb_config              => {
                'logging'       => {
                        'default'       => 'FILE:/var/log/krb5libs.log',
                        'kdc'           => 'FILE:/var/log/krb5kdc.log',
                        'admin_server'  => 'FILE:/var/log/kadmind.log',
                },
                'libdefaults'   => {
                        'default_realm'         => upcase($::domain),
                        'dns_lookup_realm'      => 'true',
                        'dns_lookup_kdc'        => 'true',
                        'ticket_lifetime'       => '24h',
                        'renew_lifetime'        => '7d',
                        'forwardable'           => 'true',
                        'rdns'                  => 'false',
                },
                'realms'        => {
                        $realms_statement = {'kdc' => 'DC01.DOMAIN.COM', 'admin_server' => 'DC01.DOMAIN.COM'}
                        #$krb_domain = upcase($::domain)
                        #"${krb_domain}" => "${realms_statement}",
                        'DOMAIN.COM' => notice($realms_statement}),
                },
                'domain_realm'  => {
                        "${::domain}"   => upcase($::domain),
                        ".${::domain}"  => upcase($::domain),
                },
        },

Expected result would be something like this:

        [logging]
         default = FILE:/var/log/krb5libs.log
         kdc = FILE:/var/log/krb5kdc.log
         admin_server = FILE:/var/log/kadmind.log

        [libdefaults]
         default_realm = DOMAIN.COM
         dns_lookup_realm = true
         dns_lookup_kdc = true
         ticket_lifetime = 24h
         renew_lifetime = 7d
         forwardable = true
         rdns = false

        [realms]
         DOMAIN.COM = {
          kdc = DC01.DOMAIN.COM
          admin_server = DC01.DOMAIN.COM
         }

        [domain_realm]
        domain.com = DOMAIN.COM
        .domain.com = DOMAIN.COM

Is this supposed to work from the manifest file? I hit a wall trying to build the hash for the [realms] part.
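
The nested hash the post is trying to build for `[realms]`, written as valid Puppet (an added example, not part of the original post and not the module author's code). It assumes the module renders a nested hash under `realms` as a `{ ... }` subsection, which this thread does not confirm; `$krb_realm`, `$realm_settings` and `$krb_config` are names chosen here.

```puppet
# Added example. A Puppet hash literal may contain only `key => value`
# pairs, so the per-realm settings are assigned to a variable *before*
# the hash is written. notice() only logs its argument and returns undef,
# so it cannot be used to supply a value.

# Structured form of the $::domain fact used in the post.
$krb_domain = $facts['networking']['domain']
$krb_realm  = upcase($krb_domain)

# Settings for the single realm; host names are the ones from the post.
$realm_settings = {
  'kdc'          => 'DC01.DOMAIN.COM',
  'admin_server' => 'DC01.DOMAIN.COM',
}

$krb_config = {
  'logging'      => {
    'default'      => 'FILE:/var/log/krb5libs.log',
    'kdc'          => 'FILE:/var/log/krb5kdc.log',
    'admin_server' => 'FILE:/var/log/kadmind.log',
  },
  'libdefaults'  => {
    'default_realm'    => $krb_realm,
    'dns_lookup_realm' => 'true',
    'dns_lookup_kdc'   => 'true',
    'ticket_lifetime'  => '24h',
    'renew_lifetime'   => '7d',
    'forwardable'      => 'true',
    'rdns'             => 'false',
  },
  'realms'       => {
    # A variable is a valid hash key; the value is the nested hash.
    $krb_realm => $realm_settings,
  },
  'domain_realm' => {
    $krb_domain      => $krb_realm,
    ".${krb_domain}" => $krb_realm,
  },
}

# Inspect the structure with `puppet apply` before handing it to the
# module as `krb_config => $krb_config` next to `manage_krb_config => true`.
notice($krb_config)
```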

walkamongus commented 5 years ago

I see the expected result -- what does your actual result look like?