mainserver: Provide gosa-*-host hook script extension that collects Krb5 host keytabs of diskless workstation hosts in a separate folder and makes those (theoretically, if used) available to diskless workstations via SSH as unprivileged user.

1 files changed, 10 insertions, 0 deletions

diff --git a/share/debian-edu-config/tools/gosa-create-host-itzks b/share/debian-edu-config/tools/gosa-create-host-itzks
index ae484b0..0ad0d51 100755
--- a/share/debian-edu-config/tools/gosa-create-host-itzks
+++ b/share/debian-edu-config/tools/gosa-create-host-itzks
@@ -7,6 +7,16 @@ HOST="${1}"
 # call Debian Edu's gosa-create-host
 /usr/share/debian-edu-config/tools/gosa-create-host ${@}
 
+# During creation of a host, we should ideally call update-dlw-krb5-keytabs-itzks
+# here already. However, it is not possible to add a NIS netgroup tab to a 
+# GOsa² system before the system object (and the additional DNS bits) has/have
+# been created. So, calling the update-dlw-krb5-keytabs-itzks script
+# makes no sense here...
+
+# FIXME: And: it would be really helpful to have POST-action hooks available for
+# NIS netgroups... In case people don't edit hosts individually, but prefer
+# mass-adding hosts to the diskless-workstation-hosts NIS netgroup.
+
 # ITZkS: assure that host keytabs are readable by puppet
 chown :puppet /etc/debian-edu/host-keytabs/*.keytab
 chmod 0640 /etc/debian-edu/host-keytabs/*.keytab