The main goal for this task is to allow the creation of testing infrastructures via Pontoon in which a full kerberos stack is bootstrapped. The current set up doesn't allow this since multiple manual steps are needed:
- Every new user gets a krb principal, and one SRE needs to run a script like the following on krb1001 to create it: sudo manage_principals.py create batman --email_address=etc..@wikimedia.org.
- Every daemon that needs to authenticate via kerberos needs a keytab, that is generated on krb1001 via generate_keytabs.py and rsynced manually to the puppet private repository (and committed to it).
The more we automate the better :)