add Kerberos policy
This commit is contained in:
parent
299ed23486
commit
62352ce053
|
@ -27,6 +27,7 @@ sudoOption: !lecture
|
||||||
sudoOption: env_reset
|
sudoOption: env_reset
|
||||||
sudoOption: listpw=never
|
sudoOption: listpw=never
|
||||||
sudoOption: shell_noargs
|
sudoOption: shell_noargs
|
||||||
|
sudoOption: !mail_badpass
|
||||||
|
|
||||||
dn: cn=syscom,ou=Group,{{ ldap_base }}
|
dn: cn=syscom,ou=Group,{{ ldap_base }}
|
||||||
objectClass: top
|
objectClass: top
|
||||||
|
|
|
@ -141,6 +141,9 @@
|
||||||
dest: /etc/krb5kdc/kdc.conf
|
dest: /etc/krb5kdc/kdc.conf
|
||||||
notify:
|
notify:
|
||||||
- restart kdc
|
- restart kdc
|
||||||
|
- name: reload systemd
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
- name: copy kadm5.acl
|
- name: copy kadm5.acl
|
||||||
copy:
|
copy:
|
||||||
src: kerberos/kadm5.acl
|
src: kerberos/kadm5.acl
|
||||||
|
@ -156,6 +159,11 @@
|
||||||
krb5
|
krb5
|
||||||
creates: /var/lib/krb5kdc/principal
|
creates: /var/lib/krb5kdc/principal
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
- name: add default policy
|
||||||
|
command:
|
||||||
|
cmd: kadmin.local
|
||||||
|
stdin: |
|
||||||
|
addpol -minlength 4 default
|
||||||
- name: add sysadmin principal
|
- name: add sysadmin principal
|
||||||
command:
|
command:
|
||||||
cmd: kadmin.local
|
cmd: kadmin.local
|
||||||
|
|
|
@ -12,3 +12,6 @@
|
||||||
- name: setup NFS
|
- name: setup NFS
|
||||||
import_role:
|
import_role:
|
||||||
name: ../roles/nfs_setup
|
name: ../roles/nfs_setup
|
||||||
|
- name: install sendmail
|
||||||
|
apt:
|
||||||
|
name: sendmail-bin
|
||||||
|
|
Loading…
Reference in New Issue