From 7db978752bbd7e076fe11fb2bc84c1fa05b0dccc Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Thu, 18 May 2017 13:53:30 -0700
Subject: [PATCH] fix a few more things in kerb5_conf template file

---
 manifests/kerberos/krb5_conf.pp      |  6 +++---
 templates/kerberos/etc/krb5.conf.erb | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/manifests/kerberos/krb5_conf.pp b/manifests/kerberos/krb5_conf.pp
index 9ded137..f790ea0 100644
--- a/manifests/kerberos/krb5_conf.pp
+++ b/manifests/kerberos/krb5_conf.pp
@@ -14,7 +14,7 @@
 #   you want the client to be able to connect to services where the service
 #   name's IP address PTR record may not match the hostname (e.g., for
 #   services running in Amazon Web Services).
-#   Default: true
+#   Default: false
 #
 ## ADVANCED
 #
@@ -101,7 +101,7 @@
 # raise an exception.
 
 
-define kerberos::krb5_conf (
+define base::kerberos::krb5_conf (
   $env                             = 'prod',
   $realm                           = 'stanford.edu',
   $default_realm                   = 'stanford.edu',
@@ -110,7 +110,7 @@ define kerberos::krb5_conf (
   $master_kdc                      = undef,
   $admin_server                    = undef,
   $kpasswd_server                  = undef,
-  $rdns_enabled                    = true,
+  $rdns_enabled                    = false,
   $prefer_tcp                      = false,
 ) {
 
diff --git a/templates/kerberos/etc/krb5.conf.erb b/templates/kerberos/etc/krb5.conf.erb
index dce58e8..f32fe78 100644
--- a/templates/kerberos/etc/krb5.conf.erb
+++ b/templates/kerberos/etc/krb5.conf.erb
@@ -122,7 +122,11 @@
         default_domain = slac.stanford.edu
     }
     WIN.SLAC.STANFORD.EDU = {
-        kdc            = winmaster2.win.slac.stanford.edu
+        kdc            = dc01.slac.stanford.edu:88
+        kdc            = dc02.slac.stanford.edu:88
+        kdc            = dc03.slac.stanford.edu:88
+        master_kdc     = dc01.slac.stanford.edu:88
+        admin_server   = dc01.slac.stanford.edu
         default_domain = win.slac.stanford.edu
     }
     ATHENA.MIT.EDU = {
@@ -173,6 +177,8 @@
     .oit.duke.edu               = stanford.edu
     win.stanford.edu            = WIN.STANFORD.EDU
     .win.stanford.edu           = WIN.STANFORD.EDU
+    atragon.stanford.edu        = WIN.STANFORD.EDU
+    itcert.stanford.edu         = WIN.STANFORD.EDU
     daper.stanford.edu          = IT.WIN.STANFORD.EDU
     gsbworkspace.stanford.edu   = IT.WIN.STANFORD.EDU
     infraappprod.stanford.edu   = IT.WIN.STANFORD.EDU
@@ -182,8 +188,14 @@
     workspace.stanford.edu      = IT.WIN.STANFORD.EDU
     winuat.stanford.edu         = WINUAT.STANFORD.EDU
     .winuat.stanford.edu        = WINUAT.STANFORD.EDU
+    wst-web1-uat.stanford.edu   = WINUAT.STANFORD.EDU
+    msweb2.stanford.edu         = EX.MS.STANFORD.EDU
+    windows-ms.stanford.edu     = EX.MS.STANFORD.EDU
     nt.stanford.edu             = NT.STANFORD.EDU
     .nt.stanford.edu            = NT.STANFORD.EDU
+    ntcert1.stanford.edu        = NT.STANFORD.EDU
+    ntweb2.stanford.edu         = TYR.NT.STANFORD.EDU
+    windows-nt.stanford.edu     = TYR.NT.STANFORD.EDU
     guest.stanford.edu          = GUEST.STANFORD.EDU
     .guest.stanford.edu         = GUEST.STANFORD.EDU
     guest-mgmt.stanford.edu     = GUEST.STANFORD.EDU
@@ -194,6 +206,7 @@
     guestuat-mgmt.stanford.edu  = GUESTUAT.STANFORD.EDU
     guestuatidmweb.stanford.edu = GUESTUAT.STANFORD.EDU
     .slac.stanford.edu          = SLAC.STANFORD.EDU
+    .win.slac.stanford.edu      = WIN.SLAC.STANFORD.EDU
     .isc.org                    = ISC.ORG
     mit.edu                     = ATHENA.MIT.EDU
     .mit.edu                    = ATHENA.MIT.EDU
-- 
GitLab