kerberos: Added test-users script

1318dd20 · ALEXANDER PAUL HASKELL · 133984e5 · 1318dd20 · 1318dd20 · 1318dd20
Commit 1318dd20 authored Jan 11, 2017 by ALEXANDER PAUL HASKELL
4 changed files
--- a/roles/kerberos/files/add_test_users
+++ b/roles/kerberos/files/add_test_users
+add_principal -pw Password123 -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal,des3-cbc-sha1:normal,des3-cbc-sha1-kd:normal +requires_preauth gud1
+add_principal -pw Password123 -e des-cbc-md5:normal +requires_preauth gud2
+add_principal -pw Password123 -expire 1/1/2017 +requires_preauth bad1
+add_principal -pw Password123 -pwexpire 1/1/2017 +requires_preauth bad2
--- a/roles/kerberos/files/kdc.conf
+++ b/roles/kerberos/files/kdc.conf
@@ -14,7 +14,7 @@
 dce.psu.edu = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
-  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+  supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-cbc-sha1-kd:normal des3-cbc-md5:normal des-cbc-md5:normal
 }

 [logging]

--- a/roles/kerberos/handlers/main.yml
+++ b/roles/kerberos/handlers/main.yml
@@ -2,7 +2,7 @@
 # file: roles/jboss/handlers/main.yml

 - name: initialize kerberos
-  shell: kdb5_util create -s < ~/kdb_password
+  shell: kdb5_util create -s < ~/kdb_password creates="/var/kerberos/krb5kdc/principal"

 - name: restart kdc
  service: name=krb5kdc state=restarted
@@ -10,3 +10,8 @@
 - name: restart kadmin
  service: name=kadmin state=restarted

+- name: create keytab
+  shell: kadmin.local <<< "ktadd -k /etc/krb5.keytab kadmin/admin@dce.psu.edu" creates="/etc/krb5.keytab"
+
+- name: create test users
+  shell: kadmin.local < ~/add_test_users && touch /var/kerberos/krb5kdc/test_users_exist creates="/var/kerberos/krb5kdc/test_users_exist"
--- a/roles/kerberos/tasks/main.yml
+++ b/roles/kerberos/tasks/main.yml
@@ -17,6 +17,9 @@
 - name: copy the dummy kdb5 password
  copy: src=../files/kdb_password dest=~

+- name: copy test users script
+  copy: src=../files/add_test_users dest=~
+
 - name: copy the kdc.conf file
  copy: src=../files/{{ item }} dest=/var/kerberos/krb5kdc/{{ item }}
        owner=root group=root
@@ -34,5 +37,7 @@
    - initialize kerberos
    - restart kdc
    - restart kadmin
+    - create keytab
+    - create test users