
add Kerberos policy

merge-requests/4/head
Max Erenberg 1 year ago
parent
commit
62352ce053
  1. 1
      auth1/ldap/data.ldif.j2
  2. 8
      auth1/main.yml
  3. 3
      phosphoric-acid/main.yml

1
auth1/ldap/data.ldif.j2

@ -27,6 +27,7 @@ sudoOption: !lecture
sudoOption: env_reset
sudoOption: listpw=never
sudoOption: shell_noargs
sudoOption: !mail_badpass
dn: cn=syscom,ou=Group,{{ ldap_base }}
objectClass: top

8
auth1/main.yml

@ -141,6 +141,9 @@
dest: /etc/krb5kdc/kdc.conf
notify:
- restart kdc
- name: reload systemd
systemd:
daemon_reload: true
- name: copy kadm5.acl
copy:
src: kerberos/kadm5.acl
@ -156,6 +159,11 @@
krb5
creates: /var/lib/krb5kdc/principal
- meta: flush_handlers
- name: add default policy
command:
cmd: kadmin.local
stdin: |
addpol -minlength 4 default
- name: add sysadmin principal
command:
cmd: kadmin.local
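Review bot: The new "add default policy" task in the second hunk runs `addpol -minlength 4 default`, and a four-character minimum is the only constraint it sets on a policy that MIT Kerberos assigns to every principal created without an explicit `-policy`. Password-derived Kerberos keys are open to offline guessing, so a longer minimum with character classes and a failure limit is the safer default, for example `addpol -minlength 12 -minclasses 2 -maxfailure 10 default` (values to be chosen per site policy). The task also carries no `creates:` or `changed_when:`, unlike the task just above it, so every play re-runs `addpol` against an existing policy and presumably reports a change each time; a `getpol default` check or `modpol` would make it idempotent. The "add sysadmin principal" task that follows continues outside the hunk.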

3
phosphoric-acid/main.yml

@ -12,3 +12,6 @@
- name: setup NFS
import_role:
name: ../roles/nfs_setup
- name: install sendmail
apt:
name: sendmail-bin
