kerberos keytab ^#1

By cpe-team
stable

Supports: xenial bionic

Description

Given a flat tarball of keytab files keyed by $(hostname).keytab this charm
will extract the keytab and using kinit generate a credentials cache for
authentication against a remote KDC or Kerberos enabled AD server.

Series:
xenial ›
bionic ›

Tags:
security ›

Overview

Provides basic functionality to join an ubuntu server to a Kerberos domain using
a pregenerated keytab file.

Usage

From an existing KDC or Kerberos-enabled AD server create one or more principals
for the units you wish to add to your domain.

For each host create $HOSTNAME.keytab
Tar the resulting files into keytab.tar

It is important to have this file created before deploying the charm. This file
can then be used during application deployment:

juju deploy kerberos-keytab --resource keytab_bundle=.tar
juju add-relation kerberos-keytab

Configuration

This charm assumes the Kerberos domain and realm to be EXAMPLE.COM, which is
likely incorrect for your environment. This should be changed before relating
it to any other units.

Contact Information

Michael Skalka
michael.skalka@canonical.com

Configuration

admin-server-address: (string) IP Address or hostname of the remote admin server.
domain: (string) Kerberos domain. Currently only supports a single entry.; EXAMPLE.COM
kdc-address: (string) IP Address or hostname of the remote KDC or Kerberos enabled AD server.
principal: (string) principal to use when adding the server, e.g. "host/HOSTNAME.example.com"; host
realm: (string) Kerberos Realm. Currently only supports a single entry.; EXAMPLE.COM
user: (string) Local user to perform domain join under, defaults to ubuntu.; ubuntu