add Kerberos policy

2021-07-03 02:29:41 -04:00 · 2021-07-03 02:29:41 -04:00 · 62352ce053
parent 299ed23486
commit 62352ce053
3 changed files with 12 additions and 0 deletions
--- a/auth1/ldap/data.ldif.j2
+++ b/auth1/ldap/data.ldif.j2
@ -27,6 +27,7 @@ sudoOption: !lecture
 sudoOption: env_reset
 sudoOption: listpw=never
 sudoOption: shell_noargs
+sudoOption: !mail_badpass

 dn: cn=syscom,ou=Group,{{ ldap_base }}
 objectClass: top
--- a/auth1/main.yml
+++ b/auth1/main.yml
@ -141,6 +141,9 @@
        dest: /etc/krb5kdc/kdc.conf
      notify:
        - restart kdc
+    - name: reload systemd
+      systemd:
+        daemon_reload: true
    - name: copy kadm5.acl
      copy:
        src: kerberos/kadm5.acl
@ -156,6 +159,11 @@
          krb5
        creates: /var/lib/krb5kdc/principal
    - meta: flush_handlers
+    - name: add default policy
+      command:
+        cmd: kadmin.local
+        stdin: |
+          addpol -minlength 4 default
    - name: add sysadmin principal
      command:
        cmd: kadmin.local
--- a/phosphoric-acid/main.yml
+++ b/phosphoric-acid/main.yml
@ -12,3 +12,6 @@
    - name: setup NFS
      import_role:
        name: ../roles/nfs_setup
+    - name: install sendmail
+      apt:
+        name: sendmail-bin