move krb firewalling to modules/krb
[mirror/dsa-puppet.git] / modules / krb / manifests / init.pp
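# Manages /etc/krb5.conf and declares the ferm firewall rules for the hosts
# that run Kerberos server daemons.
#
# Every ferm::rule below is declared virtual (@). Nothing in this class
# realizes them, so they presumably only take effect where they are collected
# elsewhere -- TODO confirm against the ferm module.
class krb {
    # NOTE(review): owner, group and mode are not managed here, so this class
    # does not pin the permissions of krb5.conf.
    file { "/etc/krb5.conf":
        content => template("krb/krb5.conf.erb"),
    }

    # KDC hosts: the kerberos service is opened for IPv4 and IPv6. The macro
    # call carries no source argument, so the rule itself does not restrict
    # who may connect.
    case $hostname {
        byrd,schuetz: {
            @ferm::rule { "dsa-krb-kdc":
                domain       => "(ip ip6)",
                description  => "kerberos KDC",
                rule         => "&TCP_UDP_SERVICE(kerberos)",
            }
        }
    }

    # byrd only: ipropd, kpasswdd and kadmind.
    #
    # The ipropd and kadmind rules pass a single literal peer address as the
    # third argument of SERVICE_RANGE (presumably the permitted source --
    # verify against the ferm macro definition). They come in ip/ip6 pairs
    # because each address belongs to one family. These literals must be
    # updated by hand if a peer is renumbered; a stale entry keeps a hole
    # open for whoever holds the old address.
    case $hostname {
        byrd: {
            @ferm::rule { "dsa-krb-ipropd":
                domain       => "ip",
                description  => "kerberos ipropd",
                rule         => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
            }
            @ferm::rule { "dsa-krb-ipropd-v6":
                domain       => "ip6",
                description  => "kerberos ipropd (IPv6)",
                rule         => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
            }
            # The description used to read "kerberos KDC", copied from the
            # dsa-krb-kdc rule; it now names the service this rule opens so
            # the two are not confused when the rule set is audited.
            # NOTE(review): only UDP is opened and no source is given --
            # confirm that matches how kpasswdd is meant to be reached.
            @ferm::rule { "dsa-krb-kpasswdd":
                domain       => "(ip ip6)",
                description  => "kerberos kpasswdd",
                rule         => "&SERVICE(udp, kpasswd)",
            }
            @ferm::rule { "dsa-krb-kadmind":
                domain       => "ip",
                description  => "kerberos kadmind access from draghi",
                rule         => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
            }
            @ferm::rule { "dsa-krb-kadmind-v6":
                domain       => "ip6",
                description  => "kerberos kadmind access from draghi",
                rule         => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
            }
        }
    }
}
# vim:set et:
# vim:set sts=4 ts=4:
# vim:set shiftwidth=4: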