Implement Kerberos KDC-LDAP server role.

2019-11-17 11:40:22 +01:00 · 2019-11-17 11:40:22 +01:00 · 18067d8df3
commit 18067d8df3
parent 0597d178e0
8 changed files with 208 additions and 2 deletions
--- a/roles/krb5-kdc-ldap/templates/kdc.conf
+++ b/roles/krb5-kdc-ldap/templates/kdc.conf
@ -0,0 +1,15 @@
+[kdcdefaults]
+    kdc_ports = 750,88
+
+[realms]
+    {{ ldap_domain | upper }} = {
+        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+        acl_file = /etc/krb5kdc/kadm5.acl
+        key_stash_file = /etc/krb5kdc/stash
+        kdc_ports = 750,88
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = des3-hmac-sha1
+        #supported_enctypes = aes256-cts:normal aes128-cts:normal
+        default_principal_flags = +preauth
+    }