Add config for the Kerberos client

machina.yml

@@ -8,3 +8,4 @@
 - import_playbook: playbooks/spotify-install.yml hostlist=machina
 - import_playbook: playbooks/systemd-user.yml hostlist=machina
 - import_playbook: playbooks/cjdns.yml hostlist=machina
+- import_playbook: playbooks/configs.yml hostlist=machina

playbooks/configs.yml

@@ -0,0 +1,18 @@
+- hosts: "{{ hostlist }}"
+  tasks:
+    - name: Install the Kerberos domain configuration for polonkai.eu
+      become: true
+      copy:
+        src: templates/krb5.conf.d-polonkai.eu
+        dest: /etc/krb5.conf.d/polonkai.eu
+        owner: root
+        group: root
+        mode: 0644
+    - name: Update the main Kerberos configuration file
+      become: true
+      copy:
+        src: templates/krb5.conf
+        dest: /etc/krb5.conf
+        owner: root
+        group: root
+        mode: 0644

playbooks/templates/krb5.conf

@@ -0,0 +1,20 @@
+includedir /etc/krb5.conf.d/
+
+[logging]
+    default = FILE:/var/log/krb5libs.log
+    kdc = FILE:/var/log/krb5kdc.log
+    admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+    dns_lookup_realm = true
+    dns_lookup_kdc = true
+    ticket_lifetime = 24h
+    renew_lifetime = 7d
+    forwardable = true
+    rdns = false
+    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
+    spake_preauth_groups = edwards25519
+    dns_canonicalize_hostname = fallback
+    qualify_shortname = ""
+    default_realm = POLONKAI.EU
+    default_ccache_name = KEYRING:persistent:%{uid}

playbooks/templates/krb5.conf.d-polonkai.eu

@@ -0,0 +1,9 @@
+[realms]
+POLONKAI.EU = {
+    kdc = kerberos.polonkai.eu
+    admin_server = kerberos.polonkai.eu
+}
+
+[domain_realm]
+    .polonkai.eu = POLONKAI.EU
+    polonkai.eu = POLONKAI.EU