kerberos: Added test-users script

parent 133984e5
add_principal -pw Password123 -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal,des3-cbc-sha1:normal,des3-cbc-sha1-kd:normal +requires_preauth gud1
add_principal -pw Password123 -e des-cbc-md5:normal +requires_preauth gud2
add_principal -pw Password123 -expire 1/1/2017 +requires_preauth bad1
add_principal -pw Password123 -pwexpire 1/1/2017 +requires_preauth bad2
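Review bot: All four principals are created with the literal password `Password123` passed via `-pw`, so the credential is now in repository history and nothing in the script limits it to a throwaway realm. The file also does not say what each principal is for. From the options, gud1 and gud2 look like expected-success cases for strong and single-DES enctypes, while bad1 and bad2 look like expired-account and expired-password cases. I am not certain kadmin accepts comment lines on stdin, so that intent is safer recorded in the role's README or the copy task's name, with a statement that the file is test-only.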
......@@ -14,7 +14,7 @@
dce.psu.edu = {
acl_file = /var/kerberos/krb5kdc/kadm5.acl
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-cbc-sha1-kd:normal des3-cbc-md5:normal des-cbc-md5:normal
}
[logging]
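Review bot: What appears to be the new `supported_enctypes` line still lists `des-cbc-md5:normal`, so the KDC keeps issuing single-DES keys even though arcfour-hmac, des-hmac-sha1 and des-cbc-crc are dropped. Single DES is brute-forceable, and on MIT krb5 releases that still ship it, it only works with `allow_weak_crypto` enabled. If it is kept solely so the gud2 test principal can be created, say so in a comment such as `# des-cbc-md5 kept only for the gud2 test principal; remove outside test realms`. I also do not recognise `des3-cbc-md5` as an MIT enctype name, and `des3-cbc-sha1` / `des3-cbc-sha1-kd` look like aliases of one enctype, so the list is worth checking against the installed version's documentation.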
......
......@@ -2,7 +2,7 @@
# file: roles/jboss/handlers/main.yml
- name: initialize kerberos
shell: kdb5_util create -s < ~/kdb_password
shell: kdb5_util create -s < ~/kdb_password creates="/var/kerberos/krb5kdc/principal"
- name: restart kdc
service: name=krb5kdc state=restarted
......@@ -10,3 +10,8 @@
- name: restart kadmin
service: name=kadmin state=restarted
- name: create keytab
shell: kadmin.local <<< "ktadd -k /etc/krb5.keytab kadmin/admin@dce.psu.edu" creates="/etc/krb5.keytab"
- name: create test users
shell: kadmin.local < ~/add_test_users && touch /var/kerberos/krb5kdc/test_users_exist creates="/var/kerberos/krb5kdc/test_users_exist"
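Review bot: The `create test users` handler runs whenever it is notified, so every host that receives this role ends up with four principals whose password is in the repository. A guard such as `when: kerberos_test_users | default(false)` (the variable name is a placeholder) would keep them out of any realm that is not a throwaway. The marker file is touched only if kadmin.local exits zero, but I am not sure it returns non-zero when a single add_principal fails, so a partial run may still be marked done. Neither this handler nor `initialize kerberos` removes `~/add_test_users` or `~/kdb_password` after reading them. Separately, the `<<<` here-string in `create keytab` needs bash, while the shell module runs /bin/sh unless `executable` is set.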
......@@ -17,6 +17,9 @@
- name: copy the dummy kdb5 password
copy: src=../files/kdb_password dest=~
- name: copy test users script
copy: src=../files/add_test_users dest=~
- name: copy the kdc.conf file
copy: src=../files/{{ item }} dest=/var/kerberos/krb5kdc/{{ item }}
owner=root group=root
......@@ -34,5 +37,7 @@
- initialize kerberos
- restart kdc
- restart kadmin
- create keytab
- create test users
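Review bot: The new `copy test users script` task writes `add_test_users`, which holds cleartext principal passwords, to `~` without a `mode`, so its permissions depend on the module default and the umask on the target. `copy: src=../files/add_test_users dest=~ mode=0600` would pin it. The same applies to the existing `kdb_password` copy just above it, which carries the KDC database master password. The notify list in the last hunk belongs to a task that starts outside the visible lines.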