Got kerberos.metznet.ca working(sans ldaps)

master
noah metz 2023-11-30 02:56:38 -07:00
parent 580b8f642b
commit 04fb1b50a6
1 changed files with 5 additions and 2 deletions

@ -261,6 +261,8 @@ cryptography.")
(define (kdc-etc configuration) (define (kdc-etc configuration)
`(("kdc.conf" ,(serialize-kdc-configuration configuration)))) `(("kdc.conf" ,(serialize-kdc-configuration configuration))))
; TODO: have to stash the KDC master key with `KRB5_KDC_PROFILE=/etc/kdc.conf kdb5_util stash` on first boot
(define (kdc-shepherd configuration) (define (kdc-shepherd configuration)
(list (shepherd-service (documentation "") (list (shepherd-service (documentation "")
(provision '(krb5kdc)) (provision '(krb5kdc))
@ -278,8 +280,8 @@ cryptography.")
configuration) configuration)
"/lib/krb5/plugins/kdb") "/lib/krb5/plugins/kdb")
"KRB5_KDC_PROFILE=/etc/kdc.conf") "KRB5_KDC_PROFILE=/etc/kdc.conf")
#:user "kerberos" #:user "root"
#:group "kerberos")) #:group "root"))
(stop #~(make-kill-destructor))))) (stop #~(make-kill-destructor)))))
(define kdc-service-type (define kdc-service-type
@ -299,6 +301,7 @@ cryptography.")
(operating-system (operating-system
(inherit %metznet-base-server-system) (inherit %metznet-base-server-system)
(host-name "kerberos-guix.metznet.ca") (host-name "kerberos-guix.metznet.ca")
(packages (append (list mit-krb5-ldap) %metznet-base-packages))
(services (services
(append (list (service kdc-service-type (append (list (service kdc-service-type
(kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca")) (kdc-configuration (dbdefaults '("ldap_kerberos_container_dn = cn=kerberos,dc=metznet,dc=ca"))
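Review bot: The second hunk changes the krb5kdc service from `#:user "kerberos"` / `#:group "kerberos"` to `"root"`, so a daemon that parses requests from unauthenticated network clients now runs with full privileges, and any flaw in it exposes the whole host along with the realm's key material. If the dedicated account failed only because it could not read the stash file or a bind-password file, or could not bind the privileged port (an inference; the cause is not visible here), fixing file ownership or the port capability would let the original `#:user "kerberos"` and `#:group "kerberos"` lines stay. If root has to remain for now, record the reason beside it, e.g. `; FIXME: root until the stash file is readable by "kerberos"`. The title says LDAPS is not working yet, so it is also worth confirming that the KDC-to-LDAP connection (configured outside these hunks) is local or otherwise protected, since principal records travel over it. The kdc-shepherd definition begins in the first hunk and its body is only partly shown.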