|
|
@ -261,6 +261,8 @@ cryptography.")
|
|
|
|
(define (kdc-etc configuration)
|
|
|
|
(define (kdc-etc configuration)
|
|
|
|
`(("kdc.conf" ,(serialize-kdc-configuration configuration))))
|
|
|
|
`(("kdc.conf" ,(serialize-kdc-configuration configuration))))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
; TODO: have to stash the KDC master key with `KRB5_KDC_PROFILE=/etc/kdc.conf kdb5_util stash` on first boot
|
|
|
|
(define (kdc-shepherd configuration)
|
|
|
|
(define (kdc-shepherd configuration)
|
|
|
|
(list (shepherd-service (documentation "")
|
|
|
|
(list (shepherd-service (documentation "")
|
|
|
|
(provision '(krb5kdc))
|
|
|
|
(provision '(krb5kdc))
|
|
|
@ -278,8 +280,8 @@ cryptography.")
|
|
|
|
configuration)
|
|
|
|
configuration)
|
|
|
|
"/lib/krb5/plugins/kdb")
|
|
|
|
"/lib/krb5/plugins/kdb")
|
|
|
|
"KRB5_KDC_PROFILE=/etc/kdc.conf")
|
|
|
|
"KRB5_KDC_PROFILE=/etc/kdc.conf")
|
|
|
|
#:user "kerberos"
|
|
|
|
#:user "root"
|
|
|
|
#:group "kerberos"))
|
|
|
|
#:group "root"))
|
|
|
|
(stop #~(make-kill-destructor)))))
|
|
|
|
(stop #~(make-kill-destructor)))))
|
|
|
|
|
|
|
|
|
|
|
|
(define kdc-service-type
|
|
|
|
(define kdc-service-type
|
|
|
@ -299,6 +301,7 @@ cryptography.")
|
|
|
|
(operating-system
|
|
|
|
(operating-system
|
|
|
|
(inherit %metznet-base-server-system)
|
|
|
|
(inherit %metznet-base-server-system)
|
|
|
|
(host-name "kerberos-guix.metznet.ca")
|
|
|
|
(host-name "kerberos-guix.metznet.ca")
|
|
|
|
|
|
|
|
(packages (append (list mit-krb5-ldap) %metznet-base-packages))
|
|
|
|
(services
|
|
|
|
(services
|
|
|
|
(append (list (service kdc-service-type
|
|
|
|
(append (list (service kdc-service-type
|
|
|
|
(kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
|
|
|
|
(kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
|
|
|
|