authorSuren A. Chilingaryan <csa@suren.me>2019-10-11 07:35:35 +0200
committerSuren A. Chilingaryan <csa@suren.me>2019-10-11 07:35:35 +0200
commit15890ccdef55168e9753ff6957ce64096837c627 (patch)
treebe56c51121d2a4e69786d50ead6bcdc4d2780a24
parentc8bef61fb036787da32ec1a12d51fad69b8b626b (diff)
Allow kerberos authentication with short (non-FQDN) names
-rw-r--r--roles/ands_idm/handlers/main.yml2
-rw-r--r--roles/ands_idm/tasks/setup_ipa.yml6
2 files changed, 7 insertions, 1 deletions
diff --git a/roles/ands_idm/handlers/main.yml b/roles/ands_idm/handlers/main.yml
new file mode 100644
index 0000000..a83718c
--- /dev/null
+++ b/roles/ands_idm/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart sssd
+ shell: systemctl restart sssd
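Review bot: The new handler runs `systemctl` through the `shell` module although nothing in it needs a shell; `service: name=sssd state=restarted` does the same through Ansible's service handling and avoids an unnecessary shell invocation. The handler is notified by the krb5.conf task in `tasks/setup_ipa.yml`, so a one-line comment such as `# restarted after /etc/krb5.conf is changed by setup_ipa.yml` would help anyone reading the handlers file on its own.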
diff --git a/roles/ands_idm/tasks/setup_ipa.yml b/roles/ands_idm/tasks/setup_ipa.yml
index 06fe6da..7641670 100644
--- a/roles/ands_idm/tasks/setup_ipa.yml
+++ b/roles/ands_idm/tasks/setup_ipa.yml
@@ -16,5 +16,9 @@
command: "/usr/sbin/ipa-client-install -p admin -w {{ config.ands_idm_admin_password | quote }} --hostname={{ hostname.stdout }} --domain={{ ands_domain }} --server={{ ands_idm_server }} --enable-dns-updates --mkhomedir --request-cert --unattended"
when:
- ipa_check.rc != 0
-
+# This may break krb authentication for users with exsiting tickets all together until idm server is restarted
+- name: "Enable hostname canonicalization"
+ lineinfile: path="/etc/krb5.conf" regexp="dns_canonicalize_hostname" line=" dns_canonicalize_hostname = true" state="present"
+ notify:
+ - restart sssd
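Review bot: The added `lineinfile` task has no `insertafter`, so on a host where `/etc/krb5.conf` has no `dns_canonicalize_hostname` line yet the setting is appended at the end of the file, which is usually outside `[libdefaults]` and would then have no effect; `insertafter='^\[libdefaults\]'` pins the section. The unanchored `regexp` also matches a commented-out or similarly named line and rewrites it, so something like `regexp='^\s*dns_canonicalize_hostname\s*='` is safer. Setting the option to `true` makes the choice of service principal depend on DNS answers, which the MIT Kerberos documentation describes as a security trade-off, so the comment above the task should state that this reliance on DNS is accepted in exchange for short-name logins. The task whose `command:` line opens the hunk starts outside it.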