Forge Home

authconfig

A Puppet module to manage authconfig

82,196 downloads

80,319 latest version

3.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.6.0 (latest)
  • 0.5.0
  • 0.4.1
  • 0.4.0
  • 0.3.0
released Feb 26th 2015
This version is compatible with:
  • Puppet 3.x
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'yguenane-authconfig', '0.6.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add yguenane-authconfig
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install yguenane-authconfig --version 0.6.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

yguenane/authconfig — version 0.6.0 Feb 26th 2015

#Authconfig

Build Status

A Puppet module that installs and configures authconfig on EL distributions.

It can manage LDAP, NIS, Kerberos and SMB/Winbind related authentication specifics. It also handles enable/disable of caching (nscd).

Usage

Simple Usage

include authconfig

This will install the authconfig package if necessary and set ldap, ldapauth and ldaptls to disable by default.

Custom Usage

class { 'authconfig' :
  ldap           => true,
  ldapauth       => true,
  ldaptls        => false,
  ldapserver     => '192.168.42.42',
  ldapbasedn     => 'dc=example,dc=com',
  ldaploadcacert => 'http://www.example.com/certificates/Example_CA.pem'
  sssd           => false,
  sssdauth       => false,
  forcelegacy    => false,
  pamaccess      => false,
  krb5           => true,
  krb5realm      => 'example.com',
  krb5kdc        => ['kdc1.example.com', 'kdc2.example.com'],
  krb5kadmin     => 'kadmin.example.com',
  cache          => true,
  winbind        => false,
  winbindauth    => false,
  smbsecurity    => 'ads',
  smbrealm       => 'example.com',
  smbworkgroup   => 'MYGROUP',
  winbindjoin    => 'user@domain%password',
}

This will install the authconfig package if necessary and set ldap and ldapauth to enable. It will query the LDAP server located at ldapserver address at ldapbasedn. In the mean time it will set ldaptls to disable. The you can simply do the same for NIS.

In general, if the option is of type --enableoption/--disableoption simply set true if you want to enable it, false otherwise.

Parameters

ldap

Whether to enable LDAP for user information.

ldapauth

Whether to enable LDAP for user authentication.

ldaptls

Whether to enable use of TLS with LDAP.

ldapserver

LDAP server address to connect to.

ldapbasedn

LDAP base dn to connet to.

ldaploadcacert

Loads a CA certificate over HTTP.

sssd

Whether to enable SSSD - caches credentials from a remote provider such as LDAP.

sssdauth

Whether to enable SSSD Auth - Allows users to authenticate from a local cache pulled from a remote provider such as LDAP.

forcelegacy

Pass true or false, which equate to yes or no - undef will not set the value. Used in conjunction with SSSD and other caching services.

pamaccess

Whether to enable pam access - Allows administrators to configure the authentication process to run the pam_access module during account authorization.

krb5

Whether to enable Kerberos.

krb5realm

Specify Kerberos realm.

krb5kdc

Specify Kerberos KDC

krb5kadmin

Specify Kerberos administration server

krb5kdcdns

Enable use of DNS to find kerberos KDCs

krb5realmdns

Enable use of DNS to find kerberos realms

preferdns

Prefer dns over wins or nis for hostname resolution

winbind

Whether to enable Winbind

winbindauth

Whether to enable Winbind for user authentication

smbsecurity

The style of Winbind connection. Default: ads

smbrealm

Specify Active Directory realm

smbworkgroup

Specify Active Directory workgroup

smbservers

Specify Active Directory server or servers. Pass a string or an array.

winbindjoin

Specify user credentials of a domain administrator in the form username@domain%password

cache

Whether to use naming services caches

mkhomedir

Whether to automatically create user home dir on first login

License

Apache License v2

Contact

Yanis Guenane - yguenane@gmail.com