From 73f104031f9242b9ce9bcfcb191fb6861c5b5e4c Mon Sep 17 00:00:00 2001
From: Eric Renfro <psi-jack@linux-help.org>
Date: Sat, 16 Jul 2016 19:08:11 -0400
Subject: [PATCH] Added admin.password file for escelating kerberos auth

---
 metadata.rb                          | 2 +-
 recipes/server.rb                    | 9 +++++++++
 templates/default/admin.password.erb | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 templates/default/admin.password.erb

diff --git a/metadata.rb b/metadata.rb
index a8d9805..79e4f9d 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
 license          'GPLv3'
 description      'Installs/Configures freeipa'
 long_description 'Installs/Configures freeipa'
-version          '0.1.0'
+version          '0.1.1'
 
 depends 'ohai'
 depends 'chef-vault'
diff --git a/recipes/server.rb b/recipes/server.rb
index 327b7cf..3d937a8 100644
--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -169,7 +169,16 @@ else
     command cmd
     ignore_failure true
   end
+end
 
+template '/etc/ipa/admin.password' do
+  source	'admin.password.erb'
+  user		'root'
+  group		'root'
+  mode		'0600'
+  variables	(
+		password => passwords['ipa_user_pwd']
+  )
 end
 
 ##### services
diff --git a/templates/default/admin.password.erb b/templates/default/admin.password.erb
new file mode 100644
index 0000000..6518912
--- /dev/null
+++ b/templates/default/admin.password.erb
@@ -0,0 +1 @@
+<%= password -%>