From 62352ce05350664e9117d5212ac80df18f098632 Mon Sep 17 00:00:00 2001
From: Max Erenberg
Date: Sat, 3 Jul 2021 02:29:41 -0400
Subject: [PATCH] add Kerberos policy
---
 auth1/ldap/data.ldif.j2 | 1 +
 auth1/main.yml | 8 ++++++++
 phosphoric-acid/main.yml | 3 +++
 3 files changed, 12 insertions(+)
diff --git a/auth1/ldap/data.ldif.j2 b/auth1/ldap/data.ldif.j2
index 34be863..ab81d27 100644
--- a/auth1/ldap/data.ldif.j2
+++ b/auth1/ldap/data.ldif.j2
@@ -27,6 +27,7 @@ sudoOption: !lecture
 sudoOption: env_reset
 sudoOption: listpw=never
 sudoOption: shell_noargs
+sudoOption: !mail_badpass
 dn: cn=syscom,ou=Group,{{ ldap_base }}
 objectClass: top
diff --git a/auth1/main.yml b/auth1/main.yml
index abdcfb0..b9e52d0 100644
--- a/auth1/main.yml
+++ b/auth1/main.yml
@@ -141,6 +141,9 @@
 dest: /etc/krb5kdc/kdc.conf
 notify:
 - restart kdc
+ - name: reload systemd
+ systemd:
+ daemon_reload: true
 - name: copy kadm5.acl
 copy:
 src: kerberos/kadm5.acl
@@ -156,6 +159,11 @@
 krb5
 creates: /var/lib/krb5kdc/principal
 - meta: flush_handlers
+ - name: add default policy
+ command:
+ cmd: kadmin.local
+ stdin: |
+ addpol -minlength 4 default
 - name: add sysadmin principal
 command:
 cmd: kadmin.local
diff --git a/phosphoric-acid/main.yml b/phosphoric-acid/main.yml
index ba261f3..b9209de 100644
--- a/phosphoric-acid/main.yml
+++ b/phosphoric-acid/main.yml
@@ -12,3 +12,6 @@
 - name: setup NFS
 import_role:
 name: ../roles/nfs_setup
+ - name: install sendmail
+ apt:
+ name: sendmail-bin
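Review bot: The added `sudoOption: !mail_badpass` in auth1/ldap/data.ldif.j2 switches off sudo's mail on a wrong password for this sudoRole, and the entry carries no comment saying why; the role's `dn:` and earlier attributes are above the hunk, so which role it is cannot be seen here. sudo still records failed authentication in its log, so if the mail was the only notification anyone watched, that log should be collected and alerted on. I would add an LDIF comment line directly above the option, such as `# mail_badpass off: failed sudo attempts are reviewed from the auth log, not mail` (wording to match the actual reason). Use a `#` line rather than a Jinja comment on its own line, since an empty rendered line would end the LDIF entry.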
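Review bot: `addpol -minlength 4 default` in the second auth1/main.yml hunk leaves a four-character floor as the only constraint in the policy, and MIT Kerberos applies a policy named `default` to principals created without an explicit `-policy`, so this is likely what most accounts get. Keys derived from such short passwords are weak against guessing, so I would raise the floor and add a class requirement, for example `addpol -minlength 12 -minclasses 2 default` (values illustrative, set them to site policy), and consider the `-maxfailure` / `-lockoutduration` options as well. The task also has no `creates`, `changed_when` or existence check, so it reruns on every play; where the policy already exists `addpol` will presumably only print an error while the task still reports changed. Principals that already exist are not moved onto the new policy by this task.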