
Add config for the Kerberos client

main
Gergely Polonkai 1 year ago
parent 57610b5158
commit 0e03b128c8
No known key found for this signature in database
GPG Key ID: 2D2885533B869ED4
  1. 1
      machina.yml
  2. 18
      playbooks/configs.yml
  3. 20
      playbooks/templates/krb5.conf
  4. 9
      playbooks/templates/krb5.conf.d-polonkai.eu

@ -8,3 +8,4 @@
- import_playbook: playbooks/spotify-install.yml hostlist=machina
- import_playbook: playbooks/systemd-user.yml hostlist=machina
- import_playbook: playbooks/cjdns.yml hostlist=machina
- import_playbook: playbooks/configs.yml hostlist=machina

@ -0,0 +1,18 @@
- hosts: "{{ hostlist }}"
tasks:
- name: Install the Kerberos domain configuration for polonkai.eu
become: true
copy:
src: templates/krb5.conf.d-polonkai.eu
dest: /etc/krb5.conf.d/polonkai.eu
owner: root
group: root
mode: 0644
- name: Update the main Kerberos configuration file
become: true
copy:
src: templates/krb5.conf
dest: /etc/krb5.conf
owner: root
group: root
mode: 0644
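Review bot: The second task overwrites /etc/krb5.conf wholesale, and neither copy task sets `backup: true`, so a host's previous Kerberos client configuration is lost with no rollback if the new file breaks authentication. Adding `backup: true` to both tasks keeps a timestamped copy beside the destination. The modes are written as the bare `0644`; quoting them as `mode: "0644"` avoids depending on the YAML parser reading the value as octal. The sources live under templates/ but are installed with `copy`, so no Jinja2 rendering happens; that looks intended since neither file contains variables, but a one-line comment saying so would help.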

@ -0,0 +1,20 @@
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
default_realm = POLONKAI.EU
default_ccache_name = KEYRING:persistent:%{uid}
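Review bot: In `[libdefaults]`, `dns_lookup_realm = true` makes the client derive host-to-realm mappings from DNS TXT records, which are unauthenticated unless the zone is validated with DNSSEC. The realm file added in this commit already maps `.polonkai.eu` and `polonkai.eu` explicitly, so `dns_lookup_realm = false` would lose nothing for this realm. `dns_lookup_kdc = true` depends on DNS in the same way for any realm not listed under `[realms]`; a spoofed answer there is mainly a denial of service, but a comment stating which other realms need it would help. `forwardable = true` as a library-wide default makes every TGT delegable to remote hosts; consider leaving it off here and requesting forwardable tickets only where delegation is needed (`kinit -f`).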

@ -0,0 +1,9 @@
[realms]
POLONKAI.EU = {
kdc = kerberos.polonkai.eu
admin_server = kerberos.polonkai.eu
}
[domain_realm]
.polonkai.eu = POLONKAI.EU
polonkai.eu = POLONKAI.EU