Diffstat (limited to 'roles/gssproxy_client')
-rw-r--r--roles/gssproxy_client/defaults/main.yml8
-rw-r--r--roles/gssproxy_client/tasks/main.yml17
-rw-r--r--roles/gssproxy_client/templates/etc/gssproxy/client.conf.j216
3 files changed, 41 insertions, 0 deletions
diff --git a/roles/gssproxy_client/defaults/main.yml b/roles/gssproxy_client/defaults/main.yml
new file mode 100644
index 0000000..01d4e76
--- /dev/null
+++ b/roles/gssproxy_client/defaults/main.yml
@@ -0,0 +1,8 @@
+# gssproxy_section: service/name
+# gssproxy_client_keytab: path/to/client/keytab
+# gssproxy_keytab: path/to/keytab
+# gssproxy_cred_usage: initiate
+# gssproxy_euid: apache
+# gssproxy_program: /usr/sbin/httpd
+gssproxy_priority: 50
+gssproxy_cred_usage: both
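Review bot: The default `gssproxy_cred_usage: both` on the last line lets every section generated by this role both initiate and accept security contexts, which is broader than a role named gssproxy_client appears to need. If most consumers only initiate, default to `gssproxy_cred_usage: initiate` and let roles that also set `gssproxy_keytab` override it; if `both` is intentional, a one-line comment saying why would help. The commented variable list also omits `gssproxy_name`, which tasks/main.yml uses in the destination file name; add `# gssproxy_name: basename of the generated config file` to the block.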
diff --git a/roles/gssproxy_client/tasks/main.yml b/roles/gssproxy_client/tasks/main.yml
new file mode 100644
index 0000000..656b92a
--- /dev/null
+++ b/roles/gssproxy_client/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: generate gssproxy configuration
+ template:
+ src: etc/gssproxy/client.conf.j2
+ dest: /etc/gssproxy/{{ gssproxy_priority }}-{{ gssproxy_name }}.conf
+ register: gssproxy_config
+
+- name: enable gssproxy
+ systemd:
+ name: gssproxy
+ enabled: yes
+ state: started
+
+- name: restart gssproxy
+ systemd:
+ name: gssproxy
+ state: restarted
+ when: gssproxy_config.changed
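Review bot: The `template` task at the top of this file sets no `owner`, `group` or `mode`, so the permissions of the generated file under /etc/gssproxy depend on the umask and on whatever was there before. This file decides which euid and program may obtain credentials from which keytab, so pin it explicitly by adding `owner: root`, `group: root` and `mode: "0600"` to the task. On a first run the service is also started and then immediately restarted by the last task. Moving the restart into a handler notified by the template task would avoid that and follow the usual Ansible pattern.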
diff --git a/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2 b/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2
new file mode 100644
index 0000000..c3725f7
--- /dev/null
+++ b/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2
@@ -0,0 +1,16 @@
+[{{ gssproxy_section }}]
+mechs = krb5
+cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%u
+{% if gssproxy_client_keytab is defined %}
+cred_store = client_keytab:{{ gssproxy_client_keytab }}
+{% endif %}
+{% if gssproxy_keytab is defined %}
+cred_store = keytab:{{ gssproxy_keytab }}
+{% endif %}
+cred_usage = {{ gssproxy_cred_usage }}
+{% if gssproxy_euid is defined %}
+euid = {{ gssproxy_euid }}
+{% endif %}
+{% if gssproxy_program is defined %}
+program = {{ gssproxy_program }}
+{% endif %}
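Review bot: The `euid` line is wrapped in `{% if gssproxy_euid is defined %}`, so a caller that forgets the variable gets a section with no `euid` at all. As far as I know gssproxy treats `euid` as a required option for a service section, so the mistake would only surface when the restart task fails. Emit `euid = {{ gssproxy_euid }}` unconditionally so a missing variable fails at template time, as already happens for `gssproxy_section`. Leaving `program` optional is fine, but a section matched on euid alone serves every process running as that user, which deserves a comment in defaults/main.yml.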