roles/kerberos: Configure mit-krb5

The *kerberos* role configures the MIT Kerberos library.  Specifically,
it creates `/etc/krb5.conf` and populates it with some basic default
options. It also creates the `/etc/krb5.conf.d` directory, into which
other roles can write additional configuration files.

roles/kerberos/defaults/main.yml

@@ -0,0 +1,6 @@
+krb5_dns_lookup_realm: false
+krb5_ticket_lifetime: 24h
+krb5_renew_lifetime: 7d
+krb5_forwardable: true
+krb5_rdns: false
+krb5_default_ccache_name: KEYRING:persistent:%{uid}

roles/kerberos/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: ensure main kerberos configuration is set
+  template:
+    src=krb5.conf.j2
+    dest=/etc/krb5.conf
+- name: ensure kerberos configuration drop-in directory exists
+  file:
+    path=/etc/krb5.conf.d
+    mode=0755
+    state=directory

roles/kerberos/templates/krb5.conf.j2

@@ -0,0 +1,14 @@
+includedir /etc/krb5.conf.d/
+
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+dns_lookup_realm = {{ krb5_dns_lookup_realm|bool|string|lower }}
+ticket_lifetime = {{ krb5_ticket_lifetime }}
+renew_lifetime = {{ krb5_renew_lifetime }}
+forwardable = {{ krb5_forwardable|bool|string|lower }}
+rdns = {{ krb5_rdns|bool|string|lower }}
+default_ccache_name = {{ krb5_default_ccache_name }}