From a65a7abfe77cfb79e37053da75526583128223d7 Mon Sep 17 00:00:00 2001
From: Hinrikus Wolf <hinrikus@fsmpi.rwth-aachen.de>
Date: Mon, 20 Aug 2018 10:54:43 +0200
Subject: [PATCH] ad-auth: add cronjob which news krb-keys every day

---
 ad-auth/tasks/sssd.yml          | 11 +++++++++++
 ad-auth/templates/renew_krb5.j2 |  1 +
 2 files changed, 12 insertions(+)
 create mode 100644 ad-auth/templates/renew_krb5.j2

diff --git a/ad-auth/tasks/sssd.yml b/ad-auth/tasks/sssd.yml
index ce36186..3d65f58 100644
--- a/ad-auth/tasks/sssd.yml
+++ b/ad-auth/tasks/sssd.yml
@@ -73,3 +73,14 @@
     - sssd
     - service
 
+- name: ensure we have a cronjob which renews krb credenitials once a day
+  template:
+    src: templates/renew_krb5.j2
+    dest: /etc/cron.daily/renew_krb5
+    mode: 0755
+    owner: root
+    group: root
+  tags:
+    - sssd
+
+
diff --git a/ad-auth/templates/renew_krb5.j2 b/ad-auth/templates/renew_krb5.j2
new file mode 100644
index 0000000..bafb8e8
--- /dev/null
+++ b/ad-auth/templates/renew_krb5.j2
@@ -0,0 +1 @@
+/usr/sbin/adcli update -D {{ domain }}
-- 
GitLab