roles/krb5: New krb5_no_default_domain setting

5f17e9a7 · Thomas Woerner · e65ba14e · 5f17e9a7 · 5f17e9a7 · 5f17e9a7
Commit 5f17e9a7 authored 7 years ago by Thomas Woerner
--- a/roles/krb5/defaults/main.yml
+++ b/roles/krb5/defaults/main.yml
@@ -8,6 +8,7 @@ krb5_realm:
 krb5_servers:
 krb5_dns_lookup_realm: "false"
 krb5_dns_lookup_kdc: "false"
+krb5_no_default_domain: "false"
 krb5_default_ccache_name: KEYRING:persistent:%{uid}
 krb5_pkinit_anchors: FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem

--- a/roles/krb5/tasks/main.yml
+++ b/roles/krb5/tasks/main.yml
@@ -13,8 +13,9 @@
 - name: Template krb5.conf
  template:
    src: krb5.conf.j2
-    dest: /etc/krb5.conf
+    dest: "{{ krb5_conf }}"
-    backup: yes
+    backup: no
    owner: root
    group: root
    mode: 0644
+    force: yes
\ No newline at end of file
--- a/roles/krb5/templates/krb5.conf.j2
+++ b/roles/krb5/templates/krb5.conf.j2
@@ -20,7 +20,9 @@ includedir {{ krb5_include_d }}
    admin_server = {{ server }}:749
    kpasswd_server = {{ server }}:464
 {% endfor %}
+{% if krb5_no_default_domain | bool %}
    default_domain = {{ krb5_realm | lower }}
+{% endif %}
    pkinit_anchors = {{ krb5_pkinit_anchors }}
    pkinit_pool = {{ krb5_pkinit_pool }}
  }