IPA client for openshift: deploy a krb5.conf file

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Aurélien Bompard 2020-09-11 12:16:50 +02:00
parent 31b058a884
commit f02d19dcb9
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 39 additions and 0 deletions


@ -0,0 +1 @@
public_hostname: "{{ inventory_hostname }}"


@ -11,3 +11,5 @@ data:
{{ load_file('default.conf') | indent(4) }}
ca.crt: |-
{{ ipa_ca_cert | indent(4) }}
krb5.conf: |-
{{ load_file('krb5.conf') | indent(4) }}


@ -0,0 +1,36 @@
# includedir /etc/krb5.conf.d/
[libdefaults]
default_realm = {{ ipa_realm }}
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
dns_canonicalize_hostname = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 0
default_ccache_name = FILE:/tmp/%u.ccache
default_keytab_name = FILE:/etc/keytabs/host.keytab
[realms]
{{ ipa_realm }} = {
kdc = {{ ipa_server }}:88
master_kdc = {{ ipa_server }}:88
admin_server = {{ ipa_server }}:749
kpasswd_server = {{ ipa_server }}:464
default_domain = {{ ipa_realm | lower }}
pkinit_anchors = FILE:/etc/ipa/ca.crt
pkinit_pool = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.fedoraproject.org = FEDORAPROJECT.ORG
fedoraproject.org = FEDORAPROJECT.ORG
.{{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
{{ datacenter }}.fedoraproject.org = FEDORAPROJECT.ORG
.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
.{{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
{{ datacenter }}.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
{{ public_hostname }} = {{ ipa_realm }}
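Review bot: `default_ccache_name = FILE:/tmp/%u.ccache` puts the credential cache at a predictable name in /tmp, and as far as I know MIT krb5 only expands `%{...}` tokens such as `%{uid}`, so `%u` probably stays literal and every UID in the pod would share the single file `/tmp/%u.ccache`. Combined with `forwardable = true` and `ticket_lifetime = 24h`, that file holds a reusable, forwardable TGT for a full day. I would change the line to `default_ccache_name = FILE:/tmp/krb5cc_%{uid}`, or point it at a directory that only the application's UID can write to. A one-line comment above it saying why a FILE cache is used instead of a keyring type (presumably because the kernel keyring is not usable inside the container, to be confirmed) would help the next reader.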