Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Make IPA use the combined keytab

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-12-20 05:21:37 +00:00
parent ab40af84d1
commit 78261c632c
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
playbooks/groups/ipa.yml
View file

@ -58,6 +58,14 @@
shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
tags:
- krb5
- ipa/server
- name: Make IPA HTTP use the combined keytab
lineinfile: dest=/etc/httpd/conf.d/ipa.conf
regexp='GssapiCredStore keytab:'
line=' GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined'
tags:
- krb5
- ipa/server
- name: do base role once more to revert any resolvconf changes
hosts: ipa:ipa-stg