WIP: kerberos

This commit is contained in:
Oystein Kristoffer Tveit 2023-12-03 05:46:27 +01:00
parent 28e3f5672c
commit fc1b7db291
2 changed files with 26 additions and 0 deletions

View File

@ -5,6 +5,7 @@
../../base.nix
../../misc/metrics-exporters.nix
../../modules/kerberos_auth.nix
#./services/keycloak.nix

25
modules/kerberos_auth.nix Normal file
View File

@ -0,0 +1,25 @@
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
heimdal
];
security.pam.krb5.enable = true;
environment.etc."krb5.conf".text = ''
[libdefaults]
default_realm = PVV.NTNU.NO
dns_lookup_realm = yes
dns_lookup_kdc = yes
[appdefaults]
pam = {
ignore_k5login = yes
}
[realms]
PVV.NTNU.NO = {
admin_server = kdc.pvv.ntnu.no
}
'';
}