cookbooks/krb5/attributes/default.rb

   1 #
   2 # Cookbook Name:: krb5
   3 # Attributes:: default
   4 #
   5 # Copyright 2013, whitestar
   6 #
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #     http://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 #
  19
  20 default['krb5']['libdefaults']['default_realm'] = 'LOCALDOMAIN'
  21 default['krb5']['libdefaults']['allow_weak_crypto'] = 'false'
  22 default['krb5']['libdefaults']['default_tgs_enctypes'] = nil
  23 default['krb5']['libdefaults']['default_tkt_enctypes'] = nil
  24 default['krb5']['libdefaults']['permitted_enctypes'] = nil
  25 ## for strong crypto
  26 #default['krb5']['libdefaults']['default_tgs_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
  27 #default['krb5']['libdefaults']['default_tkt_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
  28 #default['krb5']['libdefaults']['permitted_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
  29 ## for weak crypto (Hadoop 1.0 KSSL on the JDK 6)
  30 #default['krb5']['libdefaults']['allow_weak_crypto'] = 'true'
  31 #default['krb5']['libdefaults']['default_tgs_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
  32 #default['krb5']['libdefaults']['default_tkt_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
  33 #default['krb5']['libdefaults']['permitted_enctypes'] = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
  34 default['krb5']['realms'] = {
  35   node['krb5']['libdefaults']['default_realm'] => {
  36     'kdcs' => [
  37       'localhost'
  38     ],
  39     'admin_server' => 'localhost'
  40   }
  41 }
  42 default['krb5']['domain_realms'] = [
  43   'localhost = LOCALDOMAIN'
  44 ]
  45
  46 default['krb5']['kadm5.acl'] = ''
  47 =begin
  48 # e.g.
  49 default['krb5']['kadm5.acl'] = <<-EOC
  50 */admin *
  51 EOC
  52 =end
  53 default['krb5']['kpropd.acl'] = ''
  54 =begin
  55 # e.g. list KDCs
  56 default['krb5']['kpropd.acl'] = <<-EOC
  57 host/ns00.grid.example.com@GRID.EXAMPLE.COM
  58 host/ns01.grid.example.com@GRID.EXAMPLE.COM
  59 EOC
  60 =end
  61 #default['krb5'][''] = ''