2 # Copyright 2013-2014, whitestar
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 $LOAD_PATH.push("#{File.dirname(__FILE__)}/_lib")
18 #${chef-repo}/roles/_lib/grid.rb
22 description 'The Grid realm configurations.'
27 #env_run_lists "prod" => ["recipe[apache2]"], "staging" => ["recipe[apache2::staging]"], "_default" => []
35 'default_realm' => Grid::REALM,
37 'default_tgs_enctypes' \
38 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
39 'default_tkt_enctypes' \
40 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
41 'permitted_enctypes' \
42 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
43 # or weak crypto for 1.0.x KSSL
44 #'allow_weak_crypto' => 'true',
45 #'default_tgs_enctypes' \
46 # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
47 #'default_tkt_enctypes' \
48 # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
49 #'permitted_enctypes' \
50 # => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'
54 'kdcs' => "ns0{0..2}.#{Grid::DOMAIN}".expand,
55 'admin_server' => "krb-admin.#{Grid::DOMAIN}"
59 ".#{Grid::DOMAIN} = #{Grid::REALM}"
63 # for 1.0.x KSSL on the JDK 6 only >>
64 'krb5_strong_crypto' => {
65 'default_tgs_enctypes' \
66 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
67 'default_tkt_enctypes' \
68 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5',
69 'permitted_enctypes' \
70 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5'
72 'krb5_weak_crypto' => {
73 'default_tgs_enctypes' \
74 => 'des-cbc-crc des-cbc-md5',
75 'default_tkt_enctypes' \
76 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5',
77 'permitted_enctypes' \
78 => 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5'