Add kerberize role (providing kerberized ssh so far).

2019-11-29 15:47:45 +01:00 · 2019-11-29 15:47:45 +01:00 · 61e4b1d852
commit 61e4b1d852
parent be829760c6
5 changed files with 41 additions and 6 deletions
--- a/roles/kerberize/tasks/main.yml
+++ b/roles/kerberize/tasks/main.yml
@ -0,0 +1,18 @@
+- name: kerberize sshd server
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: "GSSAPIAuthentication yes"
+    insertafter: "#GSSAPIAuthentication no"
+  notify: "reload sshd"
+
+- name: kerberize ssh client, authenticate
+  lineinfile:
+    dest: /etc/ssh/ssh_config
+    line: "GSSAPIAuthentication yes"
+    insertafter: "#   GSSAPIAuthentication no"
+
+- name: kerberize ssh client, delegate credentials
+  lineinfile:
+    dest: /etc/ssh/ssh_config
+    line: "GSSAPIDelegateCredentials yes"
+    insertafter: "#   GSSAPIDelegateCredentials no"