diff options
| author | sef <sef@FreeBSD.org> | 1997-11-07 20:45:48 +0000 |
|---|---|---|
| committer | sef <sef@FreeBSD.org> | 1997-11-07 20:45:48 +0000 |
| commit | 5cb2a472c9a3fdbbaa75efe5afcdc62cc8710007 (patch) | |
| tree | a38e2586a212382561d7a938eabc6e016b6251ee | |
| parent | a44ce4640cf6552a1837b693e2990e84afdbb74a (diff) | |
| download | FreeBSD-src-5cb2a472c9a3fdbbaa75efe5afcdc62cc8710007.zip FreeBSD-src-5cb2a472c9a3fdbbaa75efe5afcdc62cc8710007.tar.gz | |
Allow the system to be configured to pass "-n" to kerberos and
kadmind or not; also, only run kadmind on a non-slave server. Man
page for rc.conf is also updated.
Reviewed by: Mark Murray
| -rw-r--r-- | etc/network.subr | 17 | ||||
| -rw-r--r-- | etc/rc.conf | 5 | ||||
| -rw-r--r-- | etc/rc.d/netoptions | 17 | ||||
| -rw-r--r-- | etc/rc.d/network1 | 17 | ||||
| -rw-r--r-- | etc/rc.d/network2 | 17 | ||||
| -rw-r--r-- | etc/rc.d/network3 | 17 | ||||
| -rw-r--r-- | etc/rc.d/routing | 17 | ||||
| -rw-r--r-- | etc/rc.network | 17 | ||||
| -rw-r--r-- | share/man/man5/rc.conf.5 | 22 |
9 files changed, 116 insertions, 30 deletions
diff --git a/etc/network.subr b/etc/network.subr index 8199371..5eeffb3 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.conf b/etc/rc.conf index 296f8d0..6c0c8c5 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -6,7 +6,7 @@ # # All arguments must be in double or single quotes. # -# $Id: rc.conf,v 1.31 1997/10/18 10:11:04 jkh Exp $ +# $Id: rc.conf,v 1.32 1997/10/31 01:58:53 jdp Exp $ ############################################################## ### Important initial Boot-time options ##################### @@ -44,6 +44,9 @@ inetd_flags="" # Optional flags to inetd. named_enable="NO" # Run named, the DNS server (or NO). named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled). kerberos_server_enable="NO" # Run a kerberos master server (or NO). +kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on + # a slave kerberos server +kerberos_stash="" # Is the kerberos master key stashed? rwhod_enable="NO" # Run the rwho daemon (or NO). amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map" diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 8199371..5eeffb3 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 8199371..5eeffb3 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index 8199371..5eeffb3 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index 8199371..5eeffb3 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 8199371..5eeffb3 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/etc/rc.network b/etc/rc.network index 8199371..5eeffb3 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -1,6 +1,6 @@ #!/bin/sh - # -# $Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $ +# $Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in @@ -222,9 +222,18 @@ network_pass3() { # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then - echo -n ' kerberos'; kerberos >> /var/log/kerberos.log & - echo -n ' kadmind'; \ - (sleep 20; kadmind -n >/dev/null 2>&1 &) & + if [ "X${kerberos_stash}" = "XYES" ]; then + stash_flag=-n + else + stash_flag= + fi + echo -n ' kerberos'; \ + kerberos ${stash_flags} >> /var/log/kerberos.log & + if [ "X${kadmind_server_enable}" = "XYES" ]; then + echo -n ' kadmind'; \ + (sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) & + fi + unset stash_flag fi # IP multicast routing daemon diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index efe54dd..773da7f 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: rc.conf.5,v 1.4 1997/10/20 08:37:59 danny Exp $ +.\" $Id: rc.conf.5,v 1.5 1997/11/02 21:45:31 jdp Exp $ .\" .Dd April 26, 1997 .Dt RC.CONF 5 @@ -204,6 +204,26 @@ these are the flags to pass to .Ar YES if you want to run a Kerberos authentication server at boot time. +.It Ar kadmind_server_enable +.Ar YES +if you want to run +.Xr kadmind 8 +the Kerberos Administration Daemon); set to +.Ar NO +on a slave server. +.It Ar kerberos_stash +(str) +If +.Ar YES , +instruct the Kerberos servers to use the stashed master key instead of +prompting for it (only if +.Ar kerberos_server_enable +is set to +.Ar YES , +and is used for both +.Xr kerberos 1 +and +.Xr kadmind 8 ). .It Ar rwhod_enable (bool) If set to .Ar YES , |
