c1aff2ed38
This adds a role and related testing to manage our Kerberos KDC servers, intended to replace the puppet modules currently performing this task. This role automates realm creation, initial setup, key material distribution and replica host configuration. None of this is intended to run on the production servers which are already setup with an active database, and the role should be effectively idempotent in production. Note that this does not yet switch the production servers into the new groups; this can be done in a separate step under controlled conditions and with related upgrades of the host OS to Focal. Change-Id: I60b40897486b29beafc76025790c501b5055313d
7 lines
337 B
Plaintext
7 lines
337 B
Plaintext
# This file Is the access control list for krb5 administration.
|
|
# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
|
|
# One common way to set up Kerberos administration is to allow any principal
|
|
# ending in /admin is given full administrative rights.
|
|
# To enable this, uncomment the following line:
|
|
*/admin *
|