Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

krb5 (24) Versions 0.2.0

Installs and configures Kerberos V authentication

Policyfile
Berkshelf
Knife
cookbook 'krb5', '= 0.2.0', :supermarket
cookbook 'krb5', '= 0.2.0'
knife supermarket install krb5
knife supermarket download krb5
README
Dependencies
Quality -%

krb5 Cookbook

Build Status

Description

Installs and configures Kerberos version 5 authentication modules
on RedHat and Debian family systems.

Requirements

Requires some PAM configuration script such as pam-auth-update on Debian
family systems, or authconfig on Redhat family systems. Best effort is
made to use one of these two tools based on detected platform.

You can override krb5['authconfig'] with an execute command, as a string.
Which should configure PAM to use Kerberos on other systems.

You really need to have time synchronized within 5 minutes of your domain
controllers, or key distribution centers. Therefore the recipe depends
on the Opscode NTP cookbook. If you have another method of keeping accurate
clocks, change the metadata according to your needs.

Attributes

  • krb5['packages'] - Packages and libraries needed for Kerberos v5 authentication, detected for Redhat/Debian family systems.
  • krb5['authconfig'] - Configuration script for PAM, detected for RedHat and Debian family systems.
  • krb5['default_realm'] - The default realm, defaults to OHAI's domain attribute.
  • krb5['realms'] - Array of all realms, including the default. Defaults to OHAI's domain attribute.
  • krb5['default_realm_kdcs'] - Array of Kerberos servers, this is optional, and default empty.
  • krb5['lookup_kdcs'] - Set to true if you have SRV records for KDC discovery. Default is true.
  • krb5['default_logging'] - Default log location. Default, 'FILE:/var/log/krb5libs.log'

Usage

Here are two example roles to be used with this recipe. The first, is
a single realm configuration, using the OHAI domain attribute for the realm.

name "krb5_domain"
description "Configures Kerberos 5 Authentication for domain realm"
override_attributes "krb5" => {
  "default_realm_kdcs" => [
    "kdc1.example.com",
    "kdc2.example.com",
    "kdc3.example.com"
  ]
}
run_list "recipe[krb5]"

The second example is a role for multiple Kerberos realms.

name "krb5_multirealm"
description "Configures Kerberos 5 Authentication for example.com and example.org realm"
override_attributes "krb5" => {
  "default_realm" = > "example.com",
  "realms" => [ 
    "example.com",
    "example.org"
  ],
  "default_realm_kdcs" => [
    "kdc1.example.com",
    "kdc2.example.com",
    "kdc3.example.com"
  ],
  "lookup_kdcs" => "true"
}
run_list "recipe[krb5]"

License and Authors

Author:: Eric G. Wolfe
Copyright:: 2012

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License

No quality metric results found