diff --git a/NEWS b/NEWS
index f5619302d448d64c160fc92b3a9e9cca7ee2d3d8..958cd49d862f8428da6c9aae289ae60b2b9c4c75 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
release/005.007 (unreleased)
+ [kerberos] Add options to completely override /etc/krb5.conf using one
+ the parameter $source. [adamhl]
+
[newsyslog] Pull out filter-syslog from newsyslog so filtersyslog can
be used separately from newsyslog. [adamhl]
diff --git a/manifests/kerberos.pp b/manifests/kerberos.pp
index 5aed890ca6c0535bff16daf8a0004186cf220157..6c63d2c23b1e360d798f3371d9cb9e9047a923b9 100644
--- a/manifests/kerberos.pp
+++ b/manifests/kerberos.pp
@@ -14,6 +14,9 @@
# content => undef,
# }
# }
+#
+# UPDATE: Rather than overriding this class, you may want to use the
+# $source parameter defined below.
# **********************************************************************
#
#
@@ -35,10 +38,24 @@
# name's IP address PTR record may not match the hostname (e.g., for
# services running in Amazon Web Services).
# Default: true
+#
+# $source:
+# If you want to use your own /etc/krb5.conf file completely overriding
+# the one provided in this class, use this parameter.
+# Example:
+# class { 'base::kerberos':
+# source => 'puppet:///modules/s_accounts/etc/krb5.conf',
+# }
+#
+# Note that we don't have an an analagous "content" parameter as calling
+# a template from a different module is not a good idea.
+# Default: undef
+
class base::kerberos(
$prefer_tcp = false,
$krb_env = 'prod',
$rdns_enabled = true,
+ $source = undef,
){
# We only allow the 'prod', 'uat', and 'test' environments.
@@ -71,9 +88,16 @@ class base::kerberos(
}
# Basic Kerberos configuration.
- file { '/etc/krb5.conf':
- content => template('base/kerberos/krb5.conf.erb')
+ if ($source) {
+ file { '/etc/krb5.conf':
+ source => $source,
+ }
+ } else {
+ file { '/etc/krb5.conf':
+ content => template('base/kerberos/krb5.conf.erb'),
+ }
}
+
}
# base::kerberos::dr is no longer needed, because it's functionality has been