From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/gssproxy_client/defaults/main.yml | 8 ++++++++
roles/gssproxy_client/tasks/main.yml | 17 +++++++++++++++++
.../templates/etc/gssproxy/client.conf.j2 | 16 ++++++++++++++++
3 files changed, 41 insertions(+)
create mode 100644 roles/gssproxy_client/defaults/main.yml
create mode 100644 roles/gssproxy_client/tasks/main.yml
create mode 100644 roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2
(limited to 'roles/gssproxy_client')
diff --git a/roles/gssproxy_client/defaults/main.yml b/roles/gssproxy_client/defaults/main.yml
new file mode 100644
index 0000000..01d4e76
--- /dev/null
+++ b/roles/gssproxy_client/defaults/main.yml
@@ -0,0 +1,8 @@
+# gssproxy_section: service/name
+# gssproxy_client_keytab: path/to/client/keytab
+# gssproxy_keytab: path/to/keytab
+# gssproxy_cred_usage: initiate
+# gssproxy_euid: apache
+# gssproxy_program: /usr/sbin/httpd
+gssproxy_priority: 50
+gssproxy_cred_usage: both
diff --git a/roles/gssproxy_client/tasks/main.yml b/roles/gssproxy_client/tasks/main.yml
new file mode 100644
index 0000000..656b92a
--- /dev/null
+++ b/roles/gssproxy_client/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: generate gssproxy configuration
+ template:
+ src: etc/gssproxy/client.conf.j2
+ dest: /etc/gssproxy/{{ gssproxy_priority }}-{{ gssproxy_name }}.conf
+ register: gssproxy_config
+
+- name: enable gssproxy
+ systemd:
+ name: gssproxy
+ enabled: yes
+ state: started
+
+- name: restart gssproxy
+ systemd:
+ name: gssproxy
+ state: restarted
+ when: gssproxy_config.changed
diff --git a/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2 b/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2
new file mode 100644
index 0000000..c3725f7
--- /dev/null
+++ b/roles/gssproxy_client/templates/etc/gssproxy/client.conf.j2
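Review bot: In roles/gssproxy_client/defaults/main.yml the only live value for `gssproxy_cred_usage` is `both`, while the commented example above it shows `initiate`. For a role named gssproxy_client the narrower value looks like the least-privilege default, since `both` also allows the service to accept contexts. Consider `gssproxy_cred_usage: initiate` here and let plays that supply a service keytab opt in to `both`. The tasks file also reads `gssproxy_name`, which this file does not list; a commented line such as `# gssproxy_name: httpd` (example value) would document it alongside the others.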
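Review bot: The `template` task in roles/gssproxy_client/tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of the file written under /etc/gssproxy depend on the umask of the Ansible run. This file decides which euid and program may use which keytab, so it should be pinned as root-owned and not writable by anyone else. Add `owner: root`, `group: root` and `mode: "0600"` under `template:`, assuming the daemon reads its configuration as root. Note also that `dest` depends on `gssproxy_name`, which has no default, so the play fails at this task if the caller omits it.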
@@ -0,0 +1,16 @@
+[{{ gssproxy_section }}]
+mechs = krb5
+cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%u
+{% if gssproxy_client_keytab is defined %}
+cred_store = client_keytab:{{ gssproxy_client_keytab }}
+{% endif %}
+{% if gssproxy_keytab is defined %}
+cred_store = keytab:{{ gssproxy_keytab }}
+{% endif %}
+cred_usage = {{ gssproxy_cred_usage }}
+{% if gssproxy_euid is defined %}
+euid = {{ gssproxy_euid }}
+{% endif %}
+{% if gssproxy_program is defined %}
+program = {{ gssproxy_program }}
+{% endif %}
-- cgit
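Review bot: The `euid` line is wrapped in `{% if gssproxy_euid is defined %}`, but as far as I know gssproxy requires `euid` in every service section. A play that forgets the variable would then render a section the daemon rejects or ignores, and that only shows up at restart. Emitting `euid = {{ gssproxy_euid }}` without the guard makes the template fail at render time instead, under Ansible's default undefined-variable handling. Separately, when `gssproxy_program` is unset the section appears to match on euid alone, so any process running as that user could use the keytab-backed credentials. A comment in the template, for example `{# without program, every process running as euid matches this section #}`, would make that trade-off visible.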