Move OTP sockets to KDC_RUN_DIR

Some system configurations expect Unix-domain sockets to live under
/run or /var/run, and not other parts of /var where persistent
application state lives.  Define a new directory KDC_RUN_DIR using
$runstatedir (new in autoconf 2.70, so fall back to $localstatedir/run
if it's not set) and use that for the default socket path.

[ghudson@mit.edu: commit message, otp.rst formatting fix]

ticket: 7859 (new)

3 files changed, 8 insertions, 2 deletions

diff --git a/doc/admin/otp.rst b/doc/admin/otp.rst
index 0abd5ff837..f12c36d4f4 100644
--- a/doc/admin/otp.rst
+++ b/doc/admin/otp.rst
@@ -23,7 +23,7 @@ the following format::
 
     [otp]
         <name> = {
-            server = <host:port or filename> (default: $KDCDIR/<name>.socket)
+            server = <host:port or filename> (default: see below)
             secret = <filename>
             timeout = <integer> (default: 5 [seconds])
             retries = <integer> (default: 3)
@@ -33,7 +33,8 @@ the following format::
 If the server field begins with '/', it will be interpreted as a UNIX
 socket.  Otherwise, it is assumed to be in the format host:port.  When
 a UNIX domain socket is specified, the secret field is optional and an
-empty secret is used by default.
+empty secret is used by default.  If the server field is not
+specified, it defaults to |kdcrundir|\ ``/<name>.socket``.
 
 When forwarding the request over RADIUS, by default the principal is
 used in the User-Name attribute of the RADIUS packet.  The strip_realm
diff --git a/doc/conf.py b/doc/conf.py
index f015fc8fbb..bc8b2bd1c1 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -231,6 +231,7 @@ if 'mansubs' in tags:
     sbindir = '``@SBINDIR@``'
     libdir = '``@LIBDIR@``'
     localstatedir = '``@LOCALSTATEDIR@``'
+    runstatedir = '``@RUNSTATEDIR@``'
     sysconfdir = '``@SYSCONFDIR@``'
     ccache = '``@CCNAME@``'
     keytab = '``@KTNAME@``'
@@ -243,6 +244,7 @@ else:
     sbindir = ':ref:`SBINDIR <paths>`'
     libdir = ':ref:`LIBDIR <paths>`'
     localstatedir = ':ref:`LOCALSTATEDIR <paths>`'
+    runstatedir = ':ref:`RUNSTATEDIR <paths>`'
     sysconfdir = ':ref:`SYSCONFDIR <paths>`'
     ccache = ':ref:`DEFCCNAME <paths>`'
     keytab = ':ref:`DEFKTNAME <paths>`'
@@ -262,6 +264,7 @@ else:
     rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir
     rst_epilog += '.. |libdir| replace:: %s\n' % libdir
     rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir
+    rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir
     rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir
     rst_epilog += '.. |ccache| replace:: %s\n' % ccache
     rst_epilog += '.. |keytab| replace:: %s\n' % keytab
diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst
index 89b8f4c452..838dabbba1 100644
--- a/doc/mitK5defaults.rst
+++ b/doc/mitK5defaults.rst
@@ -17,6 +17,7 @@ KDC config file :ref:`kdc.conf(5)`          |kdcdir|\ ``/kdc.conf``        **KRB
 KDC database path (DB2)                     |kdcdir|\ ``/principal``
 Master key :ref:`stash_definition`          |kdcdir|\ ``/.k5.``\ *realm*
 Admin server ACL file :ref:`kadm5.acl(5)`   |kdcdir|\ ``/kadm5.acl``
+OTP socket directory                        |kdcrundir|
 Plugin base directory                       |libdir|\ ``/krb5/plugins``
 :ref:`rcache_definition` directory          ``/var/tmp``                   **KRB5RCACHEDIR**
 Master key default enctype                  |defmkey|
@@ -64,6 +65,7 @@ Description                 Symbolic name  Custom build path            Typical
 User programs               BINDIR         ``/usr/local/bin``           ``/usr/bin``
 Libraries and plugins       LIBDIR         ``/usr/local/lib``           ``/usr/lib``
 Parent of KDC state dir     LOCALSTATEDIR  ``/usr/local/var``           ``/var``
+Parent of KDC runtime dir   RUNSTATEDIR    ``/usr/local/var/run``       ``/run``
 Administrative programs     SBINDIR        ``/usr/local/sbin``          ``/usr/sbin``
 Alternate krb5.conf dir     SYSCONFDIR     ``/usr/local/etc``           ``/etc``
 Default ccache name         DEFCCNAME      ``FILE:/tmp/krb5cc_%{uid}``  ``FILE:/tmp/krb5cc_%{uid}``