diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix index 358c43e..f92eee7 100644 --- a/hosts/bekkalokk/configuration.nix +++ b/hosts/bekkalokk/configuration.nix @@ -5,6 +5,7 @@ ../../base.nix ../../misc/metrics-exporters.nix + ../../modules/kerberos_auth.nix #./services/keycloak.nix diff --git a/modules/kerberos_auth.nix b/modules/kerberos_auth.nix new file mode 100644 index 0000000..015c2ca --- /dev/null +++ b/modules/kerberos_auth.nix @@ -0,0 +1,25 @@ +{ pkgs, lib, ... }: +{ + environment.systemPackages = with pkgs; [ + heimdal + ]; + + security.pam.krb5.enable = true; + + environment.etc."krb5.conf".text = '' + [libdefaults] + default_realm = PVV.NTNU.NO + dns_lookup_realm = yes + dns_lookup_kdc = yes + + [appdefaults] + pam = { + ignore_k5login = yes + } + + [realms] + PVV.NTNU.NO = { + admin_server = kdc.pvv.ntnu.no + } + ''; +}