5 # Copyright 2013, whitestar
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
20 default['krb5']['libdefaults']['default_realm'] = 'LOCALDOMAIN'
21 default['krb5']['libdefaults']['allow_weak_crypto'] = 'false'
22 default['krb5']['libdefaults']['default_tgs_enctypes'] = nil
23 default['krb5']['libdefaults']['default_tkt_enctypes'] = nil
24 default['krb5']['libdefaults']['permitted_enctypes'] = nil
26 #default['krb5']['libdefaults']['default_tgs_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
27 #default['krb5']['libdefaults']['default_tkt_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
28 #default['krb5']['libdefaults']['permitted_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
29 ## for weak crypto (Hadoop 1.0 KSSL on the JDK 6)
30 #default['krb5']['libdefaults']['allow_weak_crypto'] = 'true'
31 #default['krb5']['libdefaults']['default_tgs_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
32 #default['krb5']['libdefaults']['default_tkt_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
33 #default['krb5']['libdefaults']['permitted_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
34 default['krb5']['realms'] = {
35 node['krb5']['libdefaults']['default_realm'] => {
39 'admin_server' => 'localhost'
42 default['krb5']['domain_realms'] = [
43 'localhost = LOCALDOMAIN'
46 default['krb5']['kadm5.acl'] = ''
49 default['krb5']['kadm5.acl'] = <<-EOC
53 default['krb5']['kpropd.acl'] = ''
56 default['krb5']['kpropd.acl'] = <<-EOC
57 host/ns00.grid.example.com@GRID.EXAMPLE.COM
58 host/ns01.grid.example.com@GRID.EXAMPLE.COM
61 #default['krb5'][''] = ''