From 74a152da57712e8a12cad1668932429d6b983986 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 19 Mar 2012 14:15:39 +0100
Subject: [PATCH] Decommission byrd and schuetz; get rid of krb module
 (RT#3631)

---
 manifests/site.pp                   |  6 ---
 modules/debian-org/misc/local.yaml  |  6 ---
 modules/krb/manifests/init.pp       | 54 -----------------------
 modules/krb/templates/krb5.conf.erb | 68 -----------------------------
 4 files changed, 134 deletions(-)
 delete mode 100644 modules/krb/manifests/init.pp
 delete mode 100644 modules/krb/templates/krb5.conf.erb

diff --git a/manifests/site.pp b/manifests/site.pp
index 588e9b555..d7a965ddd 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -137,12 +137,6 @@ node default {
 
     include samhain
 
-    case $::hostname {
-        byrd,schuetz,tchaikovsky,draghi,quantz,lamb,locke,rautavaara,rietz: {
-            include krb
-        }
-    }
-
     case $::hostname {
         chopin,geo3,soler,wieck: {
             include debian-radvd
diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml
index d9144106a..9f94668e1 100644
--- a/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@ -22,7 +22,6 @@ nameinfo:
   blavet.debian.org: Michel Blavet (March 13, 1700 - October 28, 1768)
   brahms.debian.org: Johannes Brahms (May 7th, 1833 - April 3rd, 1897)
   busoni.debian.org: Ferruccio Dante Michelangiolo Benvenuto Busoni (April 1st, 1866 - July 27th, 1924)
-  byrd.debian.org: William Byrd (1543 - July 4th, 1623)
   chopin.debian.org: FrÃ©dÃ©ric Chopin (March 1st, 1810 - October 17th, 1849)
   cilea.debian.org: Francesco CilÃ¨a (July 26th, 1866 - November 20th, 1950)
   corelli.debian.org: Arcangelo Corelli (February 17th, 1653 - January 8th, 1713)
@@ -114,7 +113,6 @@ nameinfo:
   schein.debian.org: Johann Hermann Schein (January 20th, 1586 - November 19th, 1630)
   schroeder.debian.org: Hermann Schroeder (March 26th, 1904 - October 7th, 1984)
   schumann.debian.org: Robert Alexander Schumann (June 8th, 1810 - July 29th, 1856)
-  schuetz.debian.org: Heinrich SchÃ¼tz (October 8th, 1585 - November 6th, 1672)
   senfl.debian.org: Ludwig Senfl (~1490 - ~1543)
   sibelius.debian.org: Jean Sibelius (December 8th, 1865 - September 20th, 1957)
   smetana.debian.org: BedÅich Smetana (March 2nd, 1824 - May 12th, 1884)
@@ -313,7 +311,6 @@ host_settings:
   #  - biber.debian.org
   #  - brahms.debian.org
   #  - busoni.debian.org
-  #  - byrd.debian.org
   #  - caballero.debian.org
   #  - chopin.debian.org
   #  - cilea.debian.org
@@ -387,7 +384,6 @@ host_settings:
   #  - scelsi.debian.org
   #  - schein.debian.org
   #  - schroeder.debian.org
-  #  - schuetz.debian.org
   #  - schumann.debian.org
   #  - senfl.debian.org
   #  - sibelius.debian.org
@@ -431,7 +427,6 @@ host_settings:
     biber.debian.org: mailout.debian.org
     blavet.debian.org: mailout.debian.org
     brahms.debian.org: mailout.debian.org
-    byrd.debian.org: mailout.debian.org
     caballero.debian.org: mailout.debian.org
     cilea.debian.org: mailout.debian.org
     corelli.debian.org: mailout.debian.org
@@ -522,7 +517,6 @@ host_settings:
     scelsi.debian.org: mailout.debian.org
     schein.debian.org: mailout.debian.org
     schroeder.debian.org: mailout.debian.org
-    schuetz.debian.org: mailout.debian.org
     schumann.debian.org: mailout.debian.org
     senfl.debian.org: mailout.debian.org
     sibelius.debian.org: mailout.debian.org
diff --git a/modules/krb/manifests/init.pp b/modules/krb/manifests/init.pp
deleted file mode 100644
index d6bad500e..000000000
--- a/modules/krb/manifests/init.pp
+++ /dev/null
@@ -1,54 +0,0 @@
-class krb {
-    package { "heimdal-clients": ensure => installed }
-
-    file {
-        "/etc/krb5.conf":
-            content => template("krb/krb5.conf.erb"),
-            require => Package["heimdal-clients"],
-            ;
-    }
-
-    case $hostname {
-        byrd,schuetz: {
-            @ferm::rule { "dsa-krb-kdc":
-                domain          => "(ip ip6)",
-                description  => "kerberos KDC",
-                rule         => "&TCP_UDP_SERVICE(kerberos)"
-            }
-        }
-    }
-
-    case $hostname {
-        byrd: {
-            @ferm::rule { "dsa-krb-ipropd":
-                domain       => "ip",
-                description  => "kerberos ipropd",
-                rule         => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
-            }
-            @ferm::rule { "dsa-krb-ipropd-v6":
-                domain       => 'ip6',
-                description  => "kerberos ipropd (IPv6)",
-                rule         => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
-            }
-            @ferm::rule { "dsa-krb-kpasswdd":
-                domain          => "(ip ip6)",
-                description  => "kerberos KDC",
-                rule         => "&SERVICE(udp, kpasswd)",
-            }
-            @ferm::rule { "dsa-krb-kadmind":
-                domain       => "ip",
-                description  => "kerberos kadmind access from draghi",
-                rule         => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
-            }
-            @ferm::rule { "dsa-krb-kadmind-v6":
-                domain       => "ip6",
-                description  => "kerberos kadmind access from draghi",
-                rule         => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
-            }
-        }
-    }
-
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
diff --git a/modules/krb/templates/krb5.conf.erb b/modules/krb/templates/krb5.conf.erb
deleted file mode 100644
index 5f8a664a5..000000000
--- a/modules/krb/templates/krb5.conf.erb
+++ /dev/null
@@ -1,68 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-[libdefaults]
-	default_realm = DEBIAN.ORG
-
-# The following krb5.conf variables are only for MIT Kerberos.
-	krb4_config = /etc/krb.conf
-	krb4_realms = /etc/krb.realms
-	kdc_timesync = 1
-	ccache_type = 4
-	forwardable = true
-	proxiable = true
-
-# The following encryption type specification will be used by MIT Kerberos
-# if uncommented.  In general, the defaults in the MIT Kerberos code are
-# correct and overriding these specifications only serves to disable new
-# encryption types as they are added, creating interoperability problems.
-#
-# Thie only time when you might need to uncomment these lines and change
-# the enctypes is if you have local software that will break on ticket
-# caches containing ticket encryption types it doesn't know about (such as
-# old versions of Sun Java).
-
-#	default_tgs_enctypes = des3-hmac-sha1
-#	default_tkt_enctypes = des3-hmac-sha1
-#	permitted_enctypes = des3-hmac-sha1
-
-# The following libdefaults parameters are only for Heimdal Kerberos.
-	v4_instance_resolve = false
-	v4_name_convert = {
-		host = {
-			rcmd = host
-			ftp = ftp
-		}
-		plain = {
-			something = something-else
-		}
-	}
-	fcc-mit-ticketflags = true
-
-[realms]
-	DEBIAN.ORG = {
-		kdc = 82.195.75.92                           # byrd
-		kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
-		kdc = 206.12.19.119                           # schuetz
-		kdc = [2607:f8f0:610:4000:216:36ff:fe40:380a] # schuetz
-		master_kdc = 82.195.75.92                           # byrd
-		master_kdc = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
-		admin_server = 82.195.75.92                           # byrd
-		admin_server = [2001:41b8:202:deb:216:36ff:fe40:3908] # byrd
-	}
-
-[domain_realm]
-	.debian.org = DEBIAN.ORG
-
-[login]
-	krb4_convert = true
-	krb4_get_tickets = false
-
-<% if fqdn == "byrd.debian.org" -%>
-[password_quality]
-	policies = builtin:minimum-length external-check
-	min_length = 8
-	external_program = /etc/heimdal-kdc/heimdal-password-quality-check
-<% end -%>
-- 
2.20.1