Commit c5b4d0d1 authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

add support for qa kerberos environment

parent 7e41ce0e
release/005.006 (2017-02-16)
[kerberos] Add support for the new kerberos environment 'qa'. [adamhl]
release/005.005 (2017-02-02) release/005.005 (2017-02-02)
[kerberos] Add the option rdns_enabled so that Kerberos can be [kerberos] Add the option rdns_enabled so that Kerberos can be
......
...@@ -17,20 +17,23 @@ ...@@ -17,20 +17,23 @@
# ********************************************************************** # **********************************************************************
# #
# #
# $krb_env: Which kerberos environment to use. Must be one of: # $krb_env:
# 'prod', 'uat', or 'test'. # Which kerberos environment to use. Must be one of:
# 'prod', 'uat', 'qa', or 'test'.
# Default: 'prod' # Default: 'prod'
# #
# $prefer_tcp: Normal kerberos traffic uses UDP, but some applications # $prefer_tcp:
# Normal kerberos traffic uses UDP, but some applications
# (lookin' at you Java!) work better with TCP. Set this parameter to # (lookin' at you Java!) work better with TCP. Set this parameter to
# "true" to force the client to prefer TCP to UDP. # "true" to force the client to prefer TCP to UDP.
# Default: false # Default: false
# #
# $rdns_enabled: if 'true' have the Kerberos client do a reverse DNS # $rdns_enabled:
# lookup on the hostname when connecting to a server. This should be set # If 'true' have the Kerberos client do a reverse DNS lookup on the
# to 'false' if you want the client to be able to connect to services where # hostname when connecting to a server. This should be set to 'false' if
# the service name's IP address PTR record may not match the hostname # you want the client to be able to connect to services where the service
# (e.g., for services running in Amazon Web Services). # name's IP address PTR record may not match the hostname (e.g., for
# services running in Amazon Web Services).
# Default: true # Default: true
class base::kerberos( class base::kerberos(
$prefer_tcp = false, $prefer_tcp = false,
...@@ -40,7 +43,7 @@ class base::kerberos( ...@@ -40,7 +43,7 @@ class base::kerberos(
# We only allow the 'prod', 'uat', and 'test' environments. # We only allow the 'prod', 'uat', and 'test' environments.
case $krb_env { case $krb_env {
'prod', 'uat', 'test': {} 'prod', 'uat', 'test', 'qa': {}
default: { fail("unrecognized kerberos environment '${krb_env}'") } default: { fail("unrecognized kerberos environment '${krb_env}'") }
} }
......
...@@ -76,6 +76,14 @@ elsif (@krb_env == 'test') then ...@@ -76,6 +76,14 @@ elsif (@krb_env == 'test') then
admin_server = kerberos-test.stanford.edu admin_server = kerberos-test.stanford.edu
kpasswd_server = kerberos-test.stanford.edu kpasswd_server = kerberos-test.stanford.edu
<% <%
elsif (@krb_env == 'qa') then
-%>
kdc = kerberos-qa2.stanford.edu:88
kdc = kerberos-qa1.stanford.edu:88
master_kdc = master-kdc-qa.stanford.edu:88
admin_server = master-kdc-qa.stanford.edu
kpasswd_server = master-kdc-qa.stanford.edu
<%
else else
if (@drSite) then if (@drSite) then
-%> -%>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment