share/debian-edu-config/tools/gosa-*-host-itzks: Ship wrappers for Debian Edu's GOsa² hooks gosa-create-host and gosa-modify-host. We need assure file permissions on the created keytabs, so that puppet can read them.

2 files changed, 35 insertions, 0 deletions

diff --git a/share/debian-edu-config/tools/gosa-create-host-itzks b/share/debian-edu-config/tools/gosa-create-host-itzks
new file mode 100755
index 0000000..ae484b0
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-create-host-itzks
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+HOST="${1}"
+
+# call Debian Edu's gosa-create-host
+/usr/share/debian-edu-config/tools/gosa-create-host ${@}
+
+# ITZkS: assure that host keytabs are readable by puppet
+chown :puppet /etc/debian-edu/host-keytabs/*.keytab
+chmod 0640 /etc/debian-edu/host-keytabs/*.keytab
+
+exit 0
diff --git a/share/debian-edu-config/tools/gosa-modify-host-itzks b/share/debian-edu-config/tools/gosa-modify-host-itzks
new file mode 100755
index 0000000..9d053e6
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-modify-host-itzks
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+HOST="${1}"
+
+# FIXME: bluntly assuming domain .intern here...
+
+# call Debian Edu's gosa-create-host
+if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null  | grep -q "^Principal: host/$HOST.intern@.*" && \
+   ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null  | grep -q "^Principal: nfs/$HOST.intern@.*"; then
+
+	/usr/share/debian-edu-config/tools/gosa-modify-host ${@}
+
+fi
+
+# ITZkS: assure that host keytabs are readable by puppet
+chown :puppet /etc/debian-edu/host-keytabs/*.keytab
+chmod 0640 /etc/debian-edu/host-keytabs/*.keytab
+
+exit 0