author | hrs <hrs@FreeBSD.org> | 2014-08-29 07:51:47 +0000 |
---|---|---|
committer | hrs <hrs@FreeBSD.org> | 2014-08-29 07:51:47 +0000 |
commit | 1937276d51048d9c8860de1841030471d0abce1b (patch) | |
tree | d3340f7bff2880666bf73685b51d33338b685009 /etc | |
parent | 0a12d6abf032ff89f34c9d605c6d467eae2ed916 (diff) | |
Restructure rc.d scripts for kerberos5 daemons:
- Rename $kerberos5_server_enable to $kdc_enable and rename
rc.d/kerberos to rc.d/kdc.
- Rename $kadmind5_server_enable to $kadmind_enable.
- Rename ${kerberos5,kpasswdd}_server to ${kdc,kpasswdd}_program.
- Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables
after load_rc_config().
- Add rc.d/ipropd_master and rc.d/ipropd_slave scripts. These are
for iprop-master(8) and iprop-slave(8). Keytab used for iprop service is
defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default).
- Add dependency on rc.d/kdc to SERVERS. rc.d/kdc must be invoked as early
as possible before scripts divided by rc.d/SERVERS.
Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible
with the old configuration variables:
${kerberos5,kpasswdd,kadmind5}_server{,_enable,_flags}.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 27 | ||||
-rw-r--r-- | etc/rc.d/Makefile | 4 | ||||
-rwxr-xr-x | etc/rc.d/SERVERS | 2 | ||||
-rwxr-xr-x | etc/rc.d/ipropd_master | 40 | ||||
-rwxr-xr-x | etc/rc.d/ipropd_slave | 32 | ||||
-rwxr-xr-x | etc/rc.d/kadmind | 28 | ||||
-rwxr-xr-x | etc/rc.d/kdc | 27 | ||||
-rwxr-xr-x | etc/rc.d/kerberos | 17 | ||||
-rwxr-xr-x | etc/rc.d/kfd | 12 | ||||
-rwxr-xr-x | etc/rc.d/kpasswdd | 26 |
10 files changed, 167 insertions, 48 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 7c7d899..190bb9c 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -271,15 +271,28 @@ local_unbound_enable="NO" # local caching resolver # # kerberos. Do not run the admin daemons on slave servers # -kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). -kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC -kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server -kadmind5_server_enable="NO" # Run kadmind (or NO) -kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon -kpasswdd_server_enable="NO" # Run kpasswdd (or NO) -kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon +kdc_enable="NO" # Run a kerberos 5 KDC (or NO). +kdc_program="/usr/libexec/kdc" # path to kerberos 5 KDC +kdc_flags="" # Additional flags to the kerberos 5 KDC +kadmind_enable="NO" # Run kadmind (or NO) +kadmind_program="/usr/libexec/kadmind" # path to kadmind +kpasswdd_enable="NO" # Run kpasswdd (or NO) +kpasswdd_program="/usr/libexec/kpasswdd" # path to kpasswdd kfd_enable="NO" # Run kfd (or NO) kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon +kfd_flags="" +ipropd_master_enable="NO" # Run Heimdal incremental propagation daemon + # (master daemon). +ipropd_master_program="/usr/libexec/ipropd-master" +ipropd_master_flags="" # Flags to ipropd-master. +ipropd_master_keytab="/etc/krb5.keytab" # keytab for ipropd-master. +ipropd_master_slaves="" # slave node names used for /var/heimdal/slaves. +ipropd_slave_enable="NO" # Run Heimdal incremental propagation daemon + # (slave daemon). +ipropd_slave_program="/usr/libexec/ipropd-slave" +ipropd_slave_flags="" # Flags to ipropd-slave. +ipropd_slave_keytab="/etc/krb5.keytab" # keytab for ipropd-slave. +ipropd_slave_masters="" # master node names. gssd_enable="NO" # Run the gssd daemon (or NO). gssd_program="/usr/sbin/gssd" # Path to gssd. 
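Review bot: The comment on `ipropd_master_slaves` does not say that rc.d/ipropd_master, added in this same commit, rewrites /var/heimdal/slaves from this variable on every start, so any entry an administrator put in that file by hand is silently dropped. As far as I understand Heimdal, that file decides which nodes may pull the database, so the overwrite deserves a mention where the variable is documented, for example `ipropd_master_slaves="" # slave node names; /var/heimdal/slaves is overwritten from this list at each start.` The new `kfd_flags=""` line is also the only added variable without a trailing comment; `# Flags to kfd.` would match its neighbours.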
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index 75f79b9..64e83ac 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -65,12 +65,14 @@ FILES= DAEMON \ ipfw \ ipmon \ ipnat \ + ipropd_master \ + ipropd_slave \ ipsec \ iscsictl \ iscsid \ jail \ kadmind \ - kerberos \ + kdc \ keyserv \ kfd \ kld \ diff --git a/etc/rc.d/SERVERS b/etc/rc.d/SERVERS index 1cf019a..7cd156a 100755 --- a/etc/rc.d/SERVERS +++ b/etc/rc.d/SERVERS @@ -4,7 +4,7 @@ # # PROVIDE: SERVERS -# REQUIRE: mountcritremote abi ldconfig savecore watchdogd +# REQUIRE: mountcritremote abi ldconfig savecore watchdogd kdc # This is a dummy dependency, for early-start servers relying on # some basic configuration. diff --git a/etc/rc.d/ipropd_master b/etc/rc.d/ipropd_master new file mode 100755 index 0000000..0611dea --- /dev/null +++ b/etc/rc.d/ipropd_master @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_master +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_master +rcvar=${name}_enable +required_files="$ipropd_master_keytab" +start_precmd=${name}_start_precmd +start_postcmd=${name}_start_postcmd + +ipropd_master_start_precmd() +{ + + if [ -z "$ipropd_master_slaves" ]; then + warn "\$ipropd_master_slaves is empty." + return 1 + fi + for _slave in $ipropd_master_slaves; do + echo $_slave + done > /var/heimdal/slaves || return 1 + command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ + " +} +ipropd_master_start_postcmd() +{ + + echo "${name}: slave nodes: $ipropd_master_slaves" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipropd_slave b/etc/rc.d/ipropd_slave new file mode 100755 index 0000000..803281e --- /dev/null +++ b/etc/rc.d/ipropd_slave 
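Review bot: Adding `kdc` to the REQUIRE line of rc.d/SERVERS orders every script that depends on SERVERS after kdc, and the new rc.d/kdc declares `REQUIRE: NETWORKING`, so the "dummy dependency" described in the comment below it now pulls networking in transitively. The file comment should record why kdc is listed, for example `# kdc is listed here so the KDC starts before any server that may need Kerberos.` It is also worth running rcorder over the full rc.d set to confirm that no script ordered before NETWORKING requires SERVERS, which would form a cycle; that cannot be checked from this hunk.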
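Review bot: In rc.d/ipropd_master, `required_files="$ipropd_master_keytab"` is expanded at the top of the script, before `load_rc_config $name`, so when the script is started from a clean environment (for example through service(8)) the variable is most likely still empty and the keytab existence check is skipped. rc.d/ipropd_slave has the same line with `$ipropd_slave_keytab`. Testing the file inside ipropd_master_start_precmd, which runs after the configuration is loaded, closes the gap: `[ -r "$ipropd_master_keytab" ] || { warn "keytab $ipropd_master_keytab is not readable."; return 1; }`. In the same function the loop should use `echo "$_slave"`, so that a name containing glob characters is written to /var/heimdal/slaves literally.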
@@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_slave +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_slave +rcvar=${name}_enable +required_files="$ipropd_slave_keytab" +start_precmd=${name}_start_precmd + +ipropd_slave_start_precmd() +{ + + if [ -z "$ipropd_slave_masters" ]; then + warn "\$ipropd_slave_masters is empty." + return 1 + fi + command_args=" \ + $command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_masters" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/kadmind b/etc/rc.d/kadmind index 1e07938..d4acd7c 100755 --- a/etc/rc.d/kadmind +++ b/etc/rc.d/kadmind @@ -3,18 +3,26 @@ # $FreeBSD$ # -# PROVIDE: kadmin -# REQUIRE: kerberos -# BEFORE: DAEMON +# PROVIDE: kadmind +# REQUIRE: kdc +# KEYWORD: shutdown . /etc/rc.subr -name="kadmind5" -load_rc_config $name -rcvar="kadmind5_server_enable" -unset start_cmd -command="${kadmind5_server}" -command_args="&" -required_vars="kerberos5_server_enable" +name=kadmind +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kadmind5_server_enable kadmind_enable +set_rcvar_obsolete kadmind5_server kadmind_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kadmind_start_precmd() +{ + command_args="$command_args &" +} + +load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/kdc b/etc/rc.d/kdc new file mode 100755 index 0000000..aef96df --- /dev/null +++ b/etc/rc.d/kdc @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kdc +# REQUIRE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kdc +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kerberos5_server_enable kdc_enable +set_rcvar_obsolete kerberos5_server kdc_program +set_rcvar_obsolete kerberos5_server_flags kdc_flags + +kdc_start_precmd() +{ + + command_args="$command_args --detach" +} + +load_rc_config $name +run_rc_command "$1" 
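Review bot: rc.d/kadmind checks only `required_vars=kdc_enable`, and rc.d/kpasswdd in this commit now does the same instead of requiring kadmind, so nothing stops either admin daemon from starting on a host that is also configured as an iprop slave. The rc.conf comment in this commit says "Do not run the admin daemons on slave servers", and the new `ipropd_slave_enable` knob makes that condition testable. A warning in kadmind_start_precmd and kpasswdd_start_precmd would surface the misconfiguration, for example `checkyesno ipropd_slave_enable && warn "${name} should not run on a slave KDC (ipropd_slave_enable is set)."`. Whether this should warn or refuse to start is a policy choice for the maintainers.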
diff --git a/etc/rc.d/kerberos b/etc/rc.d/kerberos deleted file mode 100755 index 3eeb32a..0000000 --- a/etc/rc.d/kerberos +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: kerberos -# REQUIRE: NETWORKING - -. /etc/rc.subr - -name="kerberos5" -rcvar="kerberos5_server_enable" - -load_rc_config $name -command="${kerberos5_server}" -kerberos5_flags="${kerberos5_server_flags}" -run_rc_command "$1" diff --git a/etc/rc.d/kfd b/etc/rc.d/kfd index d393f95..b6d9365 100755 --- a/etc/rc.d/kfd +++ b/etc/rc.d/kfd @@ -10,8 +10,14 @@ . /etc/rc.subr name=kfd -rcvar=kfd_enable -load_rc_config $name -command_args="-i &" +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +kfd_start_precmd() +{ + command_args="$command_args -i &" +} + +load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/kpasswdd b/etc/rc.d/kpasswdd index d7f40ac..cf72d80 100755 --- a/etc/rc.d/kpasswdd +++ b/etc/rc.d/kpasswdd @@ -4,17 +4,25 @@ # # PROVIDE: kpasswdd -# REQUIRE: kadmin -# BEFORE: DAEMON +# REQUIRE: kdc +# KEYWORD: shutdown . /etc/rc.subr -name="kpasswdd" -load_rc_config $name -rcvar="kpasswdd_server_enable" -unset start_cmd -command="${kpasswdd_server}" -command_args="&" -required_vars="kadmind5_server_enable" +name=kpasswdd +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable +set_rcvar_obsolete kpasswdd_server kpasswdd_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kpasswdd_start_precmd() +{ + command_args="$command_args &" +} + +load_rc_config $name run_rc_command "$1" |