From ec13120eef19ea677c20c0ee0125d512e9033ed8 Mon Sep 17 00:00:00 2001
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Tue, 4 Jan 2022 08:37:32 +0100
Subject: =?UTF-8?q?share/debian-edu-config/tools/gosa-*-host-itzks:=20Ship?=
 =?UTF-8?q?=20wrappers=20for=20Debian=20Edu's=20GOsa=C2=B2=20hooks=20gosa-?=
 =?UTF-8?q?create-host=20and=20gosa-modify-host.=20We=20need=20assure=20fi?=
 =?UTF-8?q?le=20permissions=20on=20the=20created=20keytabs,=20so=20that=20?=
 =?UTF-8?q?puppet=20can=20read=20them.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../debian-edu-config/tools/gosa-create-host-itzks  | 14 ++++++++++++++
 .../debian-edu-config/tools/gosa-modify-host-itzks  | 21 +++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100755 share/debian-edu-config/tools/gosa-create-host-itzks
 create mode 100755 share/debian-edu-config/tools/gosa-modify-host-itzks

(limited to 'share/debian-edu-config')

diff --git a/share/debian-edu-config/tools/gosa-create-host-itzks b/share/debian-edu-config/tools/gosa-create-host-itzks
new file mode 100755
index 0000000..ae484b0
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-create-host-itzks
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+HOST="${1}"
+
+# call Debian Edu's gosa-create-host
+/usr/share/debian-edu-config/tools/gosa-create-host ${@}
+
+# ITZkS: assure that host keytabs are readable by puppet
+chown :puppet /etc/debian-edu/host-keytabs/*.keytab
+chmod 0640 /etc/debian-edu/host-keytabs/*.keytab
+
+exit 0
diff --git a/share/debian-edu-config/tools/gosa-modify-host-itzks b/share/debian-edu-config/tools/gosa-modify-host-itzks
new file mode 100755
index 0000000..9d053e6
--- /dev/null
+++ b/share/debian-edu-config/tools/gosa-modify-host-itzks
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+HOST="${1}"
+
+# FIXME: bluntly assuming domain .intern here...
+
+# call Debian Edu's gosa-create-host
+if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null  | grep -q "^Principal: host/$HOST.intern@.*" && \
+   ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null  | grep -q "^Principal: nfs/$HOST.intern@.*"; then
+
+	/usr/share/debian-edu-config/tools/gosa-modify-host ${@}
+
+fi
+
+# ITZkS: assure that host keytabs are readable by puppet
+chown :puppet /etc/debian-edu/host-keytabs/*.keytab
+chmod 0640 /etc/debian-edu/host-keytabs/*.keytab
+
+exit 0
-- 
cgit v1.2.3