salt.modules.kerberos

Manage Kerberos KDC

configuration

In order to manage your KDC you will need to generate a keytab that can authenticate without requiring a password.

# ktadd -k /root/secure.keytab kadmin/admin kadmin/changepw

On the KDC minion you will need to add the following to the minion configuration file so Salt knows what keytab to use and what principal to authenticate as.

auth_keytab: /root/auth.keytab
auth_principal: kadmin/admin
salt.modules.kerberos.create_keytab(name, keytab, enctypes=None)

Create keytab

CLI Example:

salt 'kdc.example.com' kerberos.create_keytab host/host1.example.com host1.example.com.keytab
salt.modules.kerberos.create_principal(name, enctypes=None)

Create Principal

CLI Example:

salt 'kdc.example.com' kerberos.create_principal host/example.com
salt.modules.kerberos.delete_principal(name)

Delete Principal

CLI Example:

salt 'kdc.example.com' kerberos.delete_principal host/example.com@EXAMPLE.COM
salt.modules.kerberos.get_policy(name)

Get policy details

CLI Example:

salt 'kdc.example.com' kerberos.get_policy my_policy
salt.modules.kerberos.get_principal(name)

Get princial details

CLI Example:

salt 'kdc.example.com' kerberos.get_principal root/admin
salt.modules.kerberos.get_privs()

Current privileges

CLI Example:

salt 'kdc.example.com' kerberos.get_privs
salt.modules.kerberos.list_policies()

List policies

CLI Example:

salt 'kdc.example.com' kerberos.list_policies
salt.modules.kerberos.list_principals()

Get all principals

CLI Example:

salt 'kde.example.com' kerberos.list_principals

Generated on June 18, 2020 at 04:09:58 UTC.

You are viewing docs for the latest stable release, 3001. Switch to docs for the previous stable release, 3000.3, or to a recent doc build from the master branch.


saltstack.com

© 2020 SaltStack. All Rights Reserved, SaltStack Inc. | Privacy Policy