include samhain
- case $::hostname {
- byrd,schuetz,tchaikovsky,draghi,quantz,lamb,locke,rautavaara,rietz: {
- include krb
- }
- }
-
case $::hostname {
chopin,geo3,soler,wieck: {
include debian-radvd
blavet.debian.org: Michel Blavet (March 13, 1700 - October 28, 1768)
brahms.debian.org: Johannes Brahms (May 7th, 1833 - April 3rd, 1897)
busoni.debian.org: Ferruccio Dante Michelangiolo Benvenuto Busoni (April 1st, 1866 - July 27th, 1924)
- byrd.debian.org: William Byrd (1543 - July 4th, 1623)
chopin.debian.org: Frédéric Chopin (March 1st, 1810 - October 17th, 1849)
cilea.debian.org: Francesco Cilèa (July 26th, 1866 - November 20th, 1950)
corelli.debian.org: Arcangelo Corelli (February 17th, 1653 - January 8th, 1713)
schein.debian.org: Johann Hermann Schein (January 20th, 1586 - November 19th, 1630)
schroeder.debian.org: Hermann Schroeder (March 26th, 1904 - October 7th, 1984)
schumann.debian.org: Robert Alexander Schumann (June 8th, 1810 - July 29th, 1856)
- schuetz.debian.org: Heinrich Schütz (October 8th, 1585 - November 6th, 1672)
senfl.debian.org: Ludwig Senfl (~1490 - ~1543)
sibelius.debian.org: Jean Sibelius (December 8th, 1865 - September 20th, 1957)
smetana.debian.org: Bedřich Smetana (March 2nd, 1824 - May 12th, 1884)
# - biber.debian.org
# - brahms.debian.org
# - busoni.debian.org
- # - byrd.debian.org
# - caballero.debian.org
# - chopin.debian.org
# - cilea.debian.org
# - scelsi.debian.org
# - schein.debian.org
# - schroeder.debian.org
- # - schuetz.debian.org
# - schumann.debian.org
# - senfl.debian.org
# - sibelius.debian.org
biber.debian.org: mailout.debian.org
blavet.debian.org: mailout.debian.org
brahms.debian.org: mailout.debian.org
- byrd.debian.org: mailout.debian.org
caballero.debian.org: mailout.debian.org
cilea.debian.org: mailout.debian.org
corelli.debian.org: mailout.debian.org
scelsi.debian.org: mailout.debian.org
schein.debian.org: mailout.debian.org
schroeder.debian.org: mailout.debian.org
- schuetz.debian.org: mailout.debian.org
schumann.debian.org: mailout.debian.org
senfl.debian.org: mailout.debian.org
sibelius.debian.org: mailout.debian.org
+++ /dev/null
-class krb {
- package { "heimdal-clients": ensure => installed }
-
- file {
- "/etc/krb5.conf":
- content => template("krb/krb5.conf.erb"),
- require => Package["heimdal-clients"],
- ;
- }
-
- case $hostname {
- byrd,schuetz: {
- @ferm::rule { "dsa-krb-kdc":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&TCP_UDP_SERVICE(kerberos)"
- }
- }
- }
-
- case $hostname {
- byrd: {
- @ferm::rule { "dsa-krb-ipropd":
- domain => "ip",
- description => "kerberos ipropd",
- rule => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
- }
- @ferm::rule { "dsa-krb-ipropd-v6":
- domain => 'ip6',
- description => "kerberos ipropd (IPv6)",
- rule => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
- }
- @ferm::rule { "dsa-krb-kpasswdd":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&SERVICE(udp, kpasswd)",
- }
- @ferm::rule { "dsa-krb-kadmind":
- domain => "ip",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
- }
- @ferm::rule { "dsa-krb-kadmind-v6":
- domain => "ip6",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
- }
- }
- }
-
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-[libdefaults]
- default_realm = DEBIAN.ORG
-
-# The following krb5.conf variables are only for MIT Kerberos.
- krb4_config = /etc/krb.conf
- krb4_realms = /etc/krb.realms
- kdc_timesync = 1
- ccache_type = 4
- forwardable = true
- proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented. In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-#
-# Thie only time when you might need to uncomment these lines and change
-# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
-# old versions of Sun Java).
-
-# default_tgs_enctypes = des3-hmac-sha1
-# default_tkt_enctypes = des3-hmac-sha1
-# permitted_enctypes = des3-hmac-sha1
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
- v4_instance_resolve = false
- v4_name_convert = {
- host = {
- rcmd = host
- ftp = ftp
- }
- plain = {
- something = something-else
- }
- }
- fcc-mit-ticketflags = true
-
-[realms]
- DEBIAN.ORG = {
- kdc = 82.195.75.92 # byrd
- kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- kdc = 206.12.19.119 # schuetz
- kdc = [2607:f8f0:610:4000:216:36ff:fe40:380a] # schuetz
- master_kdc = 82.195.75.92 # byrd
- master_kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- admin_server = 82.195.75.92 # byrd
- admin_server = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
- }
-
-[domain_realm]
- .debian.org = DEBIAN.ORG
-
-[login]
- krb4_convert = true
- krb4_get_tickets = false
-
-<% if fqdn == "byrd.debian.org" -%>
-[password_quality]
- policies = builtin:minimum-length external-check
- min_length = 8
- external_program = /etc/heimdal-kdc/heimdal-password-quality-check
-<% end -%>
projects / mirror / dsa-puppet.git / commitdiff