salt.modules.kerberos
Manage Kerberos KDC
- configuration
-
In order to manage your KDC you will need to generate a keytab that can authenticate without requiring a password.
# ktadd -k /root/secure.keytab kadmin/admin kadmin/changepw
On the KDC minion you will need to add the following to the minion configuration file so Salt knows what keytab to use and what principal to authenticate as.
auth_keytab: /root/auth.keytab auth_principal: kadmin/admin
-
Create keytab
CLI Example:
salt 'kdc.example.com' kerberos.create_keytab host/host1.example.com host1.example.com.keytab
salt.modules.kerberos.create_keytab(name, keytab, enctypes=None)
-
Create Principal
CLI Example:
salt 'kdc.example.com' kerberos.create_principal host/example.com
salt.modules.kerberos.create_principal(name, enctypes=None)
-
Delete Principal
CLI Example:
salt 'kdc.example.com' kerberos.delete_principal host/[email protected]
salt.modules.kerberos.delete_principal(name)
-
Get policy details
CLI Example:
salt 'kdc.example.com' kerberos.get_policy my_policy
salt.modules.kerberos.get_policy(name)
-
Get princial details
CLI Example:
salt 'kdc.example.com' kerberos.get_principal root/admin
salt.modules.kerberos.get_principal(name)
-
Current privileges
CLI Example:
salt 'kdc.example.com' kerberos.get_privs
salt.modules.kerberos.get_privs()
-
List policies
CLI Example:
salt 'kdc.example.com' kerberos.list_policies
salt.modules.kerberos.list_policies()
-
Get all principals
CLI Example:
salt 'kde.example.com' kerberos.list_principals
salt.modules.kerberos.list_principals()
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.kerberos.html