
# Krb5 Client Configure

*   `krb5.kadmin_principal` (string, required)
*   `krb5.kadmin_password` (string, required)
*   `krb5.kadmin_server` (string, required)
*   `krb5.realm` (string, required)
*   `krb5.etc_krb5_conf` (object)
    Object representing the full ini file in "/etc/krb5.conf". It is
    generated by default.
*   `krb5.sshd` (object)
    Properties inserted in the "/etc/ssh/sshd_config" file.

Example:
```json
{
  "krb5": {
    "realm": "ADALTAS.COM",
    "kdc": "krb5.hadoop",
    "kadmin_server": "krb5.hadoop",
    "kadmin_principal": "wdavidw/admin@ADALTAS.COM",
    "kadmin_password": "test",
    "sshd": {
      "ChallengeResponseAuthentication": "yes",
      "KerberosAuthentication": "yes",
      "KerberosOrLocalPasswd": "yes",
      "KerberosTicketCleanup": "yes",
      "GSSAPIAuthentication": "yes",
      "GSSAPICleanupCredentials": "yes"
    }
  }
}
```

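    export default (service) ->
      # Normalize, in place, the Kerberos client options carried by
      # `service.options`: fill in defaults, inherit the admin settings of the
      # first `krb5_server` dependency and register every server node as KDC
      # and admin server of the realms it administers.
      options = service.options

## Enable Client

      options.krb5_conf ?= {}
      # Unless set explicitly, "/etc/krb5.conf" management is enabled only when
      # at least one krb5_server dependency is present.
      options.krb5_conf.enabled ?= service.deps.krb5_server?.length > 0

      options.fqdn ?= service.node.fqdn
      options.sshd ?= {}
      options.kinit ?= '/usr/bin/kinit'
      # An empty array is truthy, so test the length: indexing `[0]` on an empty
      # dependency list would otherwise throw on `.options`.
      servers = service.deps.krb5_server or []
      # Server-side admin settings are the base, client-side values override
      # them. These objects carry `kadmin_password`; treat `options.admin` as
      # secret material wherever options are logged or serialized.
      options.admin = merge servers[0].options.admin, options.admin if servers.length
      # Module defaults first, user-provided "/etc/krb5.conf" content on top.
      options.etc_krb5_conf = merge module.exports.etc_krb5_conf, options.etc_krb5_conf
      # Merge global with server-based configuration
      for srv in servers
        for realm of srv.options.admin
          entry = options.etc_krb5_conf.realms[realm] ?= {}
          for key in ['kdc', 'admin_server']
            entry[key] ?= []
            # A user may have declared a single host as a plain string; wrap it
            # so `push` works and later loops iterate hosts, not characters.
            entry[key] = [entry[key]] unless Array.isArray entry[key]
            entry[key].push srv.node.fqdn
          # realms[realm].default_domain ?= realm.toLowerCase()
          # NOTE(review): this overwrites any user-provided `default_realm` and,
          # with several realms, the last one iterated wins. Confirm intended.
          options.etc_krb5_conf.libdefaults.default_realm = realm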

## Wait

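      # Targets that must be reachable before the client is used: KDC
      # endpoints, kadmin endpoints, and one `listprincs` check per realm that
      # has admin credentials.
      options.wait = {}
      options.wait.kdc_tcp = for realm, config of options.etc_krb5_conf.realms
        # A realm declared without any KDC would throw on iteration; skip it,
        # mirroring the admin_server guard below.
        continue unless config.kdc?.length
        # `[].concat` accepts both a single "host[:port]" string and an array.
        for kdc in [].concat config.kdc
          [host, port] = kdc.split ':'
          # 88 is the standard Kerberos KDC port. It is kept as a string here,
          # unlike the numeric 749 below, to preserve the existing output.
          host: host, port: port or '88'
      options.wait.kdc_tcp = array.flatten options.wait.kdc_tcp
      options.wait.kadmin_tcp = for realm, config of options.etc_krb5_conf.realms
        continue unless config.admin_server?.length
        for server in [].concat config.admin_server
          [host, port] = server.split ':'
          # 749 is the standard kadmin port.
          host: host, port: port or 749
      options.wait.kadmin_tcp = array.flatten options.wait.kadmin_tcp
      options.wait.kadmin_listprincs = for realm, config of options.admin
        # Only realms with both an admin principal and an admin server are checked.
        continue unless config.kadmin_principal and config.admin_server
        # NOTE(review): `misc.kadmin` is defined outside this file. If it
        # returns a command string embedding `kadmin_password`, the value
        # stored here is a secret: keep it out of logs and serialized
        # configuration. Confirm against its implementation.
        misc.kadmin
          realm: realm
          kadmin_principal: config.kadmin_principal
          kadmin_password: config.kadmin_password
          kadmin_server: config.admin_server
        , 'listprincs'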

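    # Default content of "/etc/krb5.conf", one key per ini section. The
    # configure function merges user-provided `etc_krb5_conf` on top of it.
    module.exports.etc_krb5_conf =
      'logging':
        'default': 'SYSLOG:INFO:LOCAL1'
        'kdc': 'SYSLOG:NOTICE:LOCAL1'
        'admin_server': 'SYSLOG:WARNING:LOCAL1'
      'libdefaults':
        # Realm and KDC are taken from this file only, never from DNS records.
        'dns_lookup_realm': false
        'dns_lookup_kdc': false
        # The duplicate 'ticket_lifetime' key, which repeated this same value,
        # was removed.
        'ticket_lifetime': '24h'
        'renew_lifetime': '7d'
        # Tickets are forwardable by default, so credentials can be delegated
        # to remote hosts. Override this where delegation is not wanted.
        'forwardable': true
        # Keeps weak encryption types disabled.
        # NOTE(review): this and 'rdns' are strings while the other flags are
        # booleans. Confirm the ini serializer renders both the same way.
        'allow_weak_crypto': 'false'
        # Maximum tolerated clock difference, in seconds.
        'clockskew': '300'
        # No reverse DNS lookup when canonicalizing host names.
        'rdns': 'false'
      'realms': {}
      'domain_realm': {}
      'appdefaults':
        'pam':
          'debug': false
          'ticket_lifetime': 36000
          'renew_lifetime': 36000
          'forwardable': true
          'krb4_convert': false
      'dbmodules': {}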

## Dependencies

    misc = require '@nikitajs/core/lib/misc'
    array = require '@nikitajs/core/lib/misc/array'
    {merge} = require 'mixme'
