Skip to content

Unprivileged user kerberos #1571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wbclark wants to merge 11 commits into from
Closed

Unprivileged user kerberos #1571

wbclark wants to merge 11 commits into from

Conversation

@wbclark
Copy link
Contributor

@wbclark wbclark commented Sep 1, 2022

This builds on top of #1570 and adds capabilities to optionally install kerberos client packages, copy kerberos configuration from the host system, and copy credential cache from the host system. These features are opt-in; they are disabled by default.

@wbclark wbclark force-pushed the unprivileged_user_kerberos branch from 19106f6 to 8bc3978 Compare September 1, 2022 02:24
@wbclark wbclark marked this pull request as draft September 1, 2022 02:39
ekohl
ekohl requested changes Sep 1, 2022
View reviewed changes
roles/unprivileged_user/tasks/main.yml
state: present
when: ansible_os_family == "Debian"

- name: "Copy Kerberos client config from Host"
Copy link
Member

@ekohl ekohl Sep 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seriously feels out of scope for this role. Roles should be small and focused. When I read unprivileged_user I don't think it essentially means "reconfigure the whole system".

What I'd do is create a role to make the system a kerberos client, with an option to copy from the host. You can then combine those in a playbook. Composition is a great thing and playbooks are the right place for that.

Copy link
Contributor Author

@wbclark wbclark Sep 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the default parameter values, the behavior is exactly the same because none of the extra tasks here will run. But I don't mind extracting it out into a separate role to keep things organized.

@wbclark
Copy link
Contributor Author

wbclark commented Sep 5, 2022

Closing in favor of #1574

@wbclark wbclark closed this Sep 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekohl ekohl ekohl requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wbclark @ekohl