kerberos keytab #1
Description
Given a flat tarball of keytab files, each named $(hostname).keytab, this charm extracts the keytab and uses kinit to generate a credentials cache for authentication against a remote KDC or Kerberos-enabled AD server.
- Tags:
- security
Overview
Provides basic functionality to join an Ubuntu server to a Kerberos domain using a pregenerated keytab file.
Usage
From an existing KDC or Kerberos-enabled AD server, create one or more principals for the units you wish to add to your domain.
- For each host create $HOSTNAME.keytab
- Tar the resulting files into keytab.tar
It is important to have this file created before deploying the charm. This file can then be used during application deployment:
- juju deploy kerberos-keytab --resource keytab_bundle=.tar
- juju add-relation kerberos-keytab
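The flat bundle described above can be built and checked before it is attached as the `keytab_bundle` resource. This is an added example, not part of the charm; the function names `bundle_keytabs` and `check_bundle` are hypothetical, and it assumes the keytabs were already exported on the KDC into one directory, one file per host.

```shell
#!/bin/sh
# Added example, not part of the charm.
# Assumption: keytabs were already exported on the KDC, one per host,
# into one directory as <hostname>.keytab.

# bundle_keytabs SRC_DIR OUT_TAR: pack SRC_DIR/*.keytab with no directory prefix.
bundle_keytabs() {
    src=$1
    out=$2
    case $out in /*) ;; *) out=$PWD/$out ;; esac   # keep path valid after cd
    (
        umask 077            # a keytab is a long-term key: owner-only archive
        cd "$src" || exit 1
        set -- *.keytab
        [ -e "$1" ] || { echo "no .keytab files in $src" >&2; exit 1; }
        rm -f "$out"
        tar -cf "$out" "$@"
    )
}

# check_bundle TARFILE HOSTNAME: succeed only if every member is a flat
# *.keytab name and HOSTNAME.keytab is among them.
check_bundle() {
    tarfile=$1
    want=$2.keytab
    members=$(tar -tf "$tarfile") || return 1
    found=1
    while IFS= read -r m; do
        case $m in
            */*|.*)   echo "not flat: $m" >&2; return 1 ;;
            *.keytab) ;;
            *)        echo "unexpected member: $m" >&2; return 1 ;;
        esac
        if [ "$m" = "$want" ]; then found=0; fi
    done <<EOF
$members
EOF
    if [ "$found" -ne 0 ]; then echo "missing: $want" >&2; fi
    return "$found"
}

# Usage: sh bundle-keytabs.sh SRC_DIR OUT_TAR HOSTNAME
if [ "$#" -eq 3 ]; then
    bundle_keytabs "$1" "$2" && check_bundle "$2" "$3"
fi
```

Run the check once per unit hostname; a unit with no matching member has no keytab to extract from the bundle.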
Configuration
This charm assumes the Kerberos domain and realm to be EXAMPLE.COM, which is likely incorrect for your environment. This should be changed before relating it to any other units.
Contact Information
Michael Skalka michael.skalka@canonical.com
Configuration
- admin-server-address
  - (string) IP Address or hostname of the remote admin server.
- domain
  - (string) Kerberos domain. Currently only supports a single entry.
  - Default: EXAMPLE.COM
- kdc-address
  - (string) IP Address or hostname of the remote KDC or Kerberos enabled AD server.
- principal
  - (string) principal to use when adding the server, e.g. "host/HOSTNAME.example.com"
  - Default: host
- realm
  - (string) Kerberos Realm. Currently only supports a single entry.
  - Default: EXAMPLE.COM
- user
  - (string) Local user to perform domain join under, defaults to ubuntu.
  - Default: ubuntu