Merge pull request #1 from guadaltech/master
Update data
juanjoselopezroldan authored Apr 2, 2020
2 parents 397623a + 2352a7c commit 962649b
Showing 3 changed files with 20 additions and 6 deletions.
12 changes: 9 additions & 3 deletions README.md
@@ -42,13 +42,19 @@ Example Delete:
blksmanager -m delete -l [HOST LDAP] -a (ADMIN_LDAP) -w (ADMIN_PASS_LDAP) -u (USER) -d (DOMAIN) -k [KEYTAB FILE]
```

**Add User:**
**Add user simple:**

```
blksmanager -m add -a admin -w admin_pass -u user3 -p user3 -g 5000 -d example.com
```

**Delete User:**
**Add user with password [expire time](https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html#getdate):**

```
blksmanager -m add -a admin -w admin_pass -u user3 -p user3 -g 5000 -e "300 sec" -d example.com
```

**Delete user:**

```
blksmanager -m delete -a admin -w admin_pass -u user3 -d example.com
@@ -152,4 +158,4 @@ ansible-playbook -i inventory/local/hosts.ini --become --become-user=root ansibl
## Authors

- [Juan Manuel Torres](https://github.com/tedezed)
- [Juan José López](https://github.com/juanjoselopezroldan)
- [Juan José López](https://github.com/juanjoselopezroldan)
12 changes: 9 additions & 3 deletions roles/kerberos/files/blksmanager
@@ -14,10 +14,11 @@ Options:
-p <USERNAME PASSWD>
-g <GID>
-d <DOMAIN>
-e [PWEXPIRE]
-k [KEYTAB FILE]
Example Add:
blksmanager -m add -l [HOST LDAP] -a (ADMIN_LDAP) -w (ADMIN_PASS_LDAP) -u (USER) -p (USER_PASSWD) -g (USER_GID_LDAP) -d (DOMAIN) -k [KEYTAB FILE]
blksmanager -m add -l [HOST LDAP] -a (ADMIN_LDAP) -w (ADMIN_PASS_LDAP) -u (USER) -p (USER_PASSWD) -g (USER_GID_LDAP) -d (DOMAIN) -e [PWEXPIRE] -k [KEYTAB FILE]
Example Delete:
blksmanager -m delete -l [HOST LDAP] -a (ADMIN_LDAP) -w (ADMIN_PASS_LDAP) -u (USER) -d (DOMAIN) -k [KEYTAB FILE]
@@ -87,7 +88,11 @@ EOF
function add_kerberos ()
{
echo "Use keytab: $KEYTAB"
kadmin.local -q "addprinc -pw $USERNAME_PASSWD $USERNAME@$UPPER_DOMAIN"
if [ -z "$PWEXPIRE" ]; then
kadmin.local -q "addprinc -pw $USERNAME_PASSWD $USERNAME@$UPPER_DOMAIN"
else
kadmin.local -q "addprinc -pw $USERNAME_PASSWD -pwexpire \"$PWEXPIRE\" $USERNAME@$UPPER_DOMAIN"
fi
kadmin.local -q "ktadd -norandkey -k $KEYTAB $USERNAME@$UPPER_DOMAIN"
}

@@ -98,7 +103,7 @@ kadmin.local -q "delete_principal $USERNAME@$UPPER_DOMAIN"
kdestroy
}

while getopts ":m:l:a:w:u:p:g:d:k:h" OPTIONS; do
while getopts ":m:l:a:w:u:p:g:d:e:k:h" OPTIONS; do
case "${OPTIONS}" in
m) MODE=${OPTARG} ;;
l) HOST_IP=${OPTARG} ;;
@@ -108,6 +113,7 @@ while getopts ":m:l:a:w:u:p:g:d:k:h" OPTIONS; do
p) USERNAME_PASSWD=${OPTARG} ;;
g) GID=${OPTARG} ;;
d) DOMAIN=${OPTARG} ;;
e) PWEXPIRE=${OPTARG} ;;
k) KEYTAB=${OPTARG} ;;
h) usage ;;
*) usage ;;
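Review bot: In add_kerberos, the new `-pwexpire \"$PWEXPIRE\"` branch pastes the `-e` value into the kadmin.local query string without any validation, so a value containing a double quote ends the quoted argument and the remainder is parsed by kadmin as further addprinc options or arguments. If the script is ever driven by a wrapper or automation that forwards operator- or user-supplied values (not visible on this page), that changes which principal attributes get set. Rejecting anything outside the characters a getdate-style string needs, right after option parsing, would close this, e.g. `case "$PWEXPIRE" in *[!A-Za-z0-9\ :/+-]*) usage ;; esac` (assuming usage exits). Both branches also place `$USERNAME_PASSWD` unquoted on the kadmin.local command line, where it is readable in the process list and breaks on passwords containing spaces; a comment recording that limitation would help until it is reworked.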
2 changes: 2 additions & 0 deletions roles/sssd/templates/sssd.conf.j2
@@ -35,6 +35,8 @@ krb5_server = kerberos.{{ domain }}
krb5_store_password_if_offline = true
cache_credentials = true

ldap_pwd_policy = mit_kerberos

# Bonus
fallback_homedir = /home/%u
default_shell = /bin/bash
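Review bot: The added `ldap_pwd_policy = mit_kerberos` line carries no comment saying what it depends on. As far as I know, SSSD evaluates this policy on the client from the krbLastPwdChange and krbPasswordExpiration attributes of the user's LDAP entry, so it only has an effect if the KDC stores its principals in that directory. The blksmanager change in this commit sets expiry through kadmin.local, and nothing visible here shows those attributes being written to LDAP. Suggest a comment such as `# client-side expiry check from krbPasswordExpiration; requires the KDC LDAP backend`, and a test login with an expired password to confirm it is actually refused. The rest of the domain section lies outside the hunk.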