From 3b226aa8f0bc475142c438e8748ae390f5db7a37 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Tue, 4 Jan 2022 09:14:07 +0100 Subject: mainserver: Provide gosa-*-host hook script extension that collects Krb5 host keytabs of diskless workstation hosts in a separate folder and makes those (theoretically, if used) available to diskless workstations via SSH as unprivileged user. --- share/debian-edu-config/tools/gosa-create-host-itzks | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'share/debian-edu-config/tools/gosa-create-host-itzks') diff --git a/share/debian-edu-config/tools/gosa-create-host-itzks b/share/debian-edu-config/tools/gosa-create-host-itzks index ae484b0..0ad0d51 100755 --- a/share/debian-edu-config/tools/gosa-create-host-itzks +++ b/share/debian-edu-config/tools/gosa-create-host-itzks @@ -7,6 +7,16 @@ HOST="${1}" # call Debian Edu's gosa-create-host /usr/share/debian-edu-config/tools/gosa-create-host ${@} +# During creation of a host, we should ideally call update-dlw-krb5-keytabs-itzks +# here already. However, it is not possible to add a NIS netgroup tab to a +# GOsa² system before the system object (and the additional DNS bits) has/have +# been created. So, calling the update-dlw-krb5-keytabs-itzks script +# makes no sense here... + +# FIXME: And: it would be really helpful to have POST-action hooks available for +# NIS netgroups... In case people don't edit hosts individually, but prefer +# mass-adding hosts to the diskless-workstation-hosts NIS netgroup. + # ITZkS: assure that host keytabs are readable by puppet chown :puppet /etc/debian-edu/host-keytabs/*.keytab chmod 0640 /etc/debian-edu/host-keytabs/*.keytab -- cgit v1.2.3
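Review bot: The comment block added after the gosa-create-host call explains why update-dlw-krb5-keytabs-itzks is not called at this point, but it never says where the script is called instead. The FIXME also leaves the mass-add case (hosts put into the diskless-workstation-hosts NIS netgroup without editing each host) with no trigger at all. Please name the hook or manual step that is expected to run the script, so an admin reading this file knows the separate keytab folder can lag behind netgroup membership. The commit message describes making host keytabs available over SSH to an unprivileged user, yet the lines added here are comments only. It would help to state in this comment which account and directory are meant, since the existing `chown :puppet` and `chmod 0640` lines below already make the keytabs group-readable. Minor, in the unchanged context: `${@}` is unquoted, so arguments containing whitespace are re-split; `"$@"` avoids that.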