Basic kerberos config

2022-03-21 12:21:22 +01:00 · 2022-03-21 12:21:22 +01:00 · 2bcd4152a9
commit 2bcd4152a9
parent 1680b2bc45
2 changed files with 36 additions and 1 deletions
--- a/nixos/big_data.nix
+++ b/nixos/big_data.nix
@ -92,8 +92,44 @@ in
        nodemanager.enable = true;
      };
    };
+
+    kerberos_server = {
+      enable = true;
+      realms."ATHENA.MIT.EDU" = {
+        acl = [
+          { access = "all"; principal = "*/admin"; }
+          { access = "all"; principal = "admin"; }
+        ];
+      };
+    };
  };

+  krb5 = {
+    enable = true;
+    realms."ATHENA.MIT.EDU" = {
+      admin_server = "localhost";
+      kdc = [
+        "localhost"
+      ];
+      kpasswd_server = "localhost";
+    };
+    domain_realm = {
+      ".athena.mit.edu" = "ATHENA.MIT.EDU";
+      "athena.mit.edu" = "ATHENA.MIT.EDU";
+    };
+    libdefaults = {
+      default_realm = "ATHENA.MIT.EDU";
+      dns_lookup_realm = false;
+      dns_lookup_kdc = false;
+    };
+    extraConfig = ''
+      [logging]
+        default = FILE:/var/log/krb5.log
+    '';
+  };
+
+
+
  systemd.services.spark-history = {
    path = with pkgs; [ procps openssh nettools ];
    description = "spark history service.";