diff options
author | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 07:05:48 +0000 |
---|---|---|
committer | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 07:05:48 +0000 |
commit | af3b5464f00d54f0759bfb657046b1250a28337c (patch) | |
tree | 9f25f8f07a5e92a7eaf18d1de0d931ee675464aa | |
parent | e7d1e844b3b4774e364cd163b02ed629662aa996 (diff) | |
download | krb5-af3b5464f00d54f0759bfb657046b1250a28337c.tar.gz krb5-af3b5464f00d54f0759bfb657046b1250a28337c.tar.xz krb5-af3b5464f00d54f0759bfb657046b1250a28337c.zip |
auto-import changelog data from krb5-1.2.1-8.src.rpmkrb5-1_2_1-8RHL-7_0-split
Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
bugzilla (#16134), and to match the regular ftp package's behavior
Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com>
- rebuild to compress man pages.
Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
- move initscript back
Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable servers by default to keep linuxconf from thinking they need to
be started when they don't
Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs
Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind
Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.1
- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents
Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's
not compatible with other stuff in 6.2, so no need)
Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak graceful start/stop logic in post and preun
Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun
Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- only remove old krb5server init script links if the init script is there
Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable kshell and eklogin by default
Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd
Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- make sure workstation servers are all disabled by default
- clean up krb5server init script
Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos
Tue Jun 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- make ksu and v4rcp owned by root
Sat Jun 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4
compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
determine paths
Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix config_subpackage logic
Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove setuid bit on v4rcp and ksu
- apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils
Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file
Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in
CMD_PATH and to use getusershell()
Wed May 03 2000 Bill Nottingham <notting@redhat.com>
- fix configure stuff for ia64
Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug
#10653)
- change Requires: for/in subpackages to include 1.2.1
Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation
Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a
%config file anyway.
- Make krb5.conf a noreplace config file.
Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- Make klogind pass a clean environment to children, like NetKit's rlogind
does.
Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com>
- Don't enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf
Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Correct copyright: it's exportable now, provided the proper paperwork is
filed with the government.
Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply Mike Friedman's patch to fix format string problems
- don't strip off argv[0] when invoking regular rsh/rlogin
Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- run kadmin.local correctly at startup
Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- pass absolute path to kadm5.keytab if/when extracting keys at startup
Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix info page insertions
Wed Feb 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak server init script to automatically extract kadm5 keys if
/var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet
- adjust package descriptions
Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix for potentially gzipped man pages
Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix comments in krb5-configs
Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- move /usr/kerberos/bin to end of PATH
Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com>
- install kadmin header files
Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com>
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn't fix workstation-side servers
Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com>
- remove hesiod dependency at build-time
Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- rebuild on 1.1.1
Thu Oct 07 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza
Mon Oct 04 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael's C version
Sun Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added -lncurses to telnet and telnetd makefiles
Mon Jul 05 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added krb5.csh and krb5.sh to /etc/profile.d
Tue Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- broke out configuration files
Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- fixed server package so that it works now
Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- started changelog
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build
-rw-r--r-- | .cvsignore | 1 | ||||
-rw-r--r-- | eklogin.xinetd | 13 | ||||
-rw-r--r-- | gssftp.xinetd | 14 | ||||
-rw-r--r-- | kadm5.acl | 1 | ||||
-rwxr-xr-x | kadmind.init | 79 | ||||
-rw-r--r-- | kdc.conf | 10 | ||||
-rw-r--r-- | kdcrotate | 45 | ||||
-rw-r--r-- | klogin.xinetd | 13 | ||||
-rwxr-xr-x | kpropd.init | 71 | ||||
-rw-r--r-- | krb5-1.2.1-passive.patch | 29 | ||||
-rw-r--r-- | krb5-telnet.xinetd | 13 | ||||
-rw-r--r-- | krb5.conf | 31 | ||||
-rwxr-xr-x | krb5.csh | 8 | ||||
-rwxr-xr-x | krb5.sh | 8 | ||||
-rw-r--r-- | krb5.spec | 603 | ||||
-rwxr-xr-x | krb524d.init | 69 | ||||
-rwxr-xr-x | krb5kdc.init | 69 | ||||
-rw-r--r-- | krlogin | 1 | ||||
-rw-r--r-- | krsh | 1 | ||||
-rw-r--r-- | kshell.xinetd | 13 | ||||
-rw-r--r-- | sources | 1 |
21 files changed, 1093 insertions, 0 deletions
@@ -0,0 +1 @@ +krb5-1.2.1.tar diff --git a/eklogin.xinetd b/eklogin.xinetd new file mode 100644 index 0000000..d05b161 --- /dev/null +++ b/eklogin.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The encrypting kerberized rlogin server accepts rlogin sessions \ +# authenticated and encrypted with Kerberos 5. +service eklogin +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/klogind + server_args = -e -5 + disable = yes +} diff --git a/gssftp.xinetd b/gssftp.xinetd new file mode 100644 index 0000000..3f9f73e --- /dev/null +++ b/gssftp.xinetd @@ -0,0 +1,14 @@ +# default: off +# description: The kerberized FTP server accepts FTP connections \ +# that can be authenticated with Kerberos 5. +service ftp +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/ftpd + server_args = -l -a + log_on_failure += USERID + disable = yes +} diff --git a/kadm5.acl b/kadm5.acl new file mode 100644 index 0000000..dc93eb0 --- /dev/null +++ b/kadm5.acl @@ -0,0 +1 @@ +*/admin@EXAMPLE.COM * diff --git a/kadmind.init b/kadmind.init new file mode 100755 index 0000000..dc826cd --- /dev/null +++ b/kadmind.init @@ -0,0 +1,79 @@ +#!/bin/sh +# +# kadmind Start and stop the Kerberos 5 administrative server. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the Kerberos 5 administrative \ +# server, which should only be run on the master server for a \ +# realm. +# processname: kadmind +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then + exit 0 + else + if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then + echo "Extracting kadm5 Service Keys" + /usr/kerberos/sbin/kadmin.local -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw" && success || fail + echo + fi + fi + echo -n "Starting Kerberos 5 Admin Server" + daemon /usr/kerberos/sbin/kadmind + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin +} +stop() { + echo -n "Stopping Kerberos 5 Admin Server" + killproc kadmind + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kadmin +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status kadmind + ;; + condrestart) + if [ -f /var/lock/subsys/kadmin ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|condrestart|restart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/kdc.conf b/kdc.conf new file mode 100644 index 0000000..07adeb6 --- /dev/null +++ b/kdc.conf @@ -0,0 +1,10 @@ +[kdcdefaults] + acl_file = /var/kerberos/krb5kdc/kadm5.acl + dict_file = /usr/dict/words + admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab + +[realms] + EXAMPLE.COM = { + master_key_type = des-cbc-crc + supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3 + } diff --git a/kdcrotate b/kdcrotate new file mode 100644 index 0000000..35bd894 --- /dev/null +++ b/kdcrotate @@ -0,0 +1,45 @@ +#!/bin/sh +# +# kdcrotate This shell script rotates the list of KDCs in /etc/krb5.conf +# +# Author: Based on SysV Init in RHS Linux by Damien Neil +# Written by Nalin Dahyabhai <nalin@redhat.com> +# +# chkconfig: 345 99 01 +# +# description: Rotate the list of KDCs listed in /etc/krb5.conf +# + +PATH=/sbin:$PATH + +# Only run in runlevels where we're 'enabled', which should only be 345. +if [ "$1" != "start" ] ; then + exit 0 +fi + +# source function library +. /etc/rc.d/init.d/functions + +action "Rotating KDC list" "awk ' /^[[:space:]]*kdc[[:space:]]*=/ { \\ + if(length(firstkdc) == 0) { \\ + firstkdc = \$0; \\ + } else { \\ + if(length(kdclist) > 0) { \\ + kdclist = kdclist ORS; \\ + } \\ + kdclist = kdclist \$0; \\ + } \\ + next; \\ + } \\ + { \\ + if(length(kdclist) > 0) { \\ + NEWCONFIG = NEWCONFIG kdclist ORS; \\ + } \\ + if(length(firstkdc) > 0) { \\ + NEWCONFIG = NEWCONFIG firstkdc ORS; \\ + } \\ + firstkdc = \"\"; \\ + kdclist = \"\"; \\ + NEWCONFIG = NEWCONFIG \$0 ORS; \\ + } \\ + END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf" diff --git a/klogin.xinetd b/klogin.xinetd new file mode 100644 index 0000000..aa229a4 --- /dev/null +++ b/klogin.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \ +# but uses Kerberos 5 authentication. +service klogin +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/klogind + server_args = -5 + disable = yes +} diff --git a/kpropd.init b/kpropd.init new file mode 100755 index 0000000..185996a --- /dev/null +++ b/kpropd.init @@ -0,0 +1,71 @@ +#!/bin/sh +# +# kpropd.init Start and stop the Kerberos 5 propagation client. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the service that allows this \ +# KDC to receive updates from your master KDC. +# processname: kpropd +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + if [ ! -f /var/kerberos/krb5kdc/kpropd.acl ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5 Propagation Server:" + daemon /usr/kerberos/sbin/kpropd -S + RETVAL=$? + [ $RETVAL = 0 ] && touch /var/lock/subsys/kprop +} +stop() { + echo -n "Stopping Kerberos 5 Propagation Server:" + killproc kpropd + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kprop +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status kpropd + ;; + condrestart) + if [ -f /var/lock/subsys/kprop ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/krb5-1.2.1-passive.patch b/krb5-1.2.1-passive.patch new file mode 100644 index 0000000..e5cc528 --- /dev/null +++ b/krb5-1.2.1-passive.patch @@ -0,0 +1,29 @@ +--- krb5-1.2.1/src/appl/gssftp/ftp/main.c.passive Thu Jun 29 22:27:07 2000 ++++ krb5-1.2.1/src/appl/gssftp/ftp/main.c Wed Aug 16 13:15:08 2000 +@@ -178,7 +178,7 @@ + cpend = 0; /* no pending replies */ + proxy = 0; /* proxy not active */ + #ifndef NO_PASSIVE_MODE +- passivemode = 0; /* passive mode not active */ ++ passivemode = 1; /* passive mode active by default */ + #endif + crflag = 1; /* strip c.r. on ascii gets */ + sendport = -1; /* not using ports */ +--- krb5-1.2.1/src/appl/gssftp/ftp/ftp.M.passive Wed Aug 16 13:15:26 2000 ++++ krb5-1.2.1/src/appl/gssftp/ftp/ftp.M Wed Aug 16 13:17:19 2000 +@@ -619,10 +619,11 @@ + will forward a copy of the user's Kerberos tickets to the remote host. + .TP + .B passive +-Toggle passive data transfer mode. In passive mode, the client initiates +-the data connection by listening on the data port. Passive mode may +-be necessary for operation from behind firewalls which do not permit +-incoming connections. ++Toggle passive data transfer mode off. In passive mode, the client initiates ++the data connection by connecting to the data port. Passive mode is ++often necessary for operation from behind firewalls which do not permit ++incoming connections, but may need to be disabled if you connect to an ++FTP server which does not support passive operation. + .TP + .B private + Set the protection level on data transfers to ``private''. Data diff --git a/krb5-telnet.xinetd b/krb5-telnet.xinetd new file mode 100644 index 0000000..341ef3a --- /dev/null +++ b/krb5-telnet.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized telnet server accepts normal telnet sessions, \ +# but can also use Kerberos 5 authentication. +service telnet +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/telnetd + log_on_failure += USERID + disable = yes +} diff --git a/krb5.conf b/krb5.conf new file mode 100644 index 0000000..caf341d --- /dev/null +++ b/krb5.conf @@ -0,0 +1,31 @@ +[logging] + default = FILE:/var/log/krb5libs.log + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log + +[libdefaults] + ticket_lifetime = 24000 + default_realm = EXAMPLE.COM + dns_lookup_realm = false + dns_lookup_kdc = false + +[realms] + EXAMPLE.COM = { + kdc = kerberos.example.com:88 + admin_server = kerberos.example.com:749 + default_domain = example.com + } + +[domain_realm] + .example.com = EXAMPLE.COM + example.com = EXAMPLE.COM + +[kdc] + profile = /var/kerberos/krb5kdc/kdc.conf + +[pam] + debug = false + ticket_lifetime = 36000 + renew_lifetime = 36000 + forwardable = true + krb4_convert = false diff --git a/krb5.csh b/krb5.csh new file mode 100755 index 0000000..04ef510 --- /dev/null +++ b/krb5.csh @@ -0,0 +1,8 @@ +if ( /usr/kerberos/bin !~ "${path}" ) then + set path = ( /usr/kerberos/bin $path ) +endif +if ( /usr/kerberos/sbin !~ "${path}" ) then + if ( `id -u` == 0 ) then + set path = ( /usr/kerberos/sbin $path ) + endif +endif @@ -0,0 +1,8 @@ +if ! echo ${PATH} | grep -q /usr/kerberos/bin ; then + PATH=/usr/kerberos/bin:${PATH} +fi +if ! echo ${PATH} | grep -q /usr/kerberos/sbin ; then + if [ `id -u` = 0 ] ; then + PATH=/usr/kerberos/sbin:${PATH} + fi +fi diff --git a/krb5.spec b/krb5.spec new file mode 100644 index 0000000..785adb1 --- /dev/null +++ b/krb5.spec @@ -0,0 +1,603 @@ +%define prefix %{_prefix}/kerberos + +Summary: The Kerberos network authentication system. +Name: krb5 +Version: 1.2.1 +Release: 8 +Source0: krb5-%{version}.tar +Source1: kpropd.init +Source2: krb524d.init +Source3: kadmind.init +Source4: krb5kdc.init +Source5: krb5.conf +Source6: krb5.sh +Source7: krb5.csh +Source8: kdcrotate +Source9: kdc.conf +Source10: kadm5.acl +Source11: krsh +Source12: krlogin +Source13: eklogin.xinetd +Source14: klogin.xinetd +Source15: kshell.xinetd +Source16: krb5-telnet.xinetd +Source17: gssftp.xinetd +Source18: krb5server.init +Patch0: krb5-1.1-db.patch +Patch1: krb5-1.1.1-tiocgltc.patch +Patch2: krb5-1.1.1-libpty.patch +Patch3: krb5-1.1.1-fixinfo.patch +Patch4: krb5-1.1.1-manpages.patch +Patch5: krb5-1.1.1-netkitr.patch +Patch6: krb5-1.2-rlogind.patch +Patch7: krb5-1.2-ksu.patch +Patch8: krb5-1.2-ksu.options.patch +Patch9: krb5-1.2-ksu.man.patch +Patch10: krb5-1.2-quiet.patch +Patch11: krb5-1.1.1-brokenrev.patch +Patch12: krb5-1.2-spelling.patch +Patch13: krb5-1.2.1-term.patch +Patch14: krb5-1.2.1-passive.patch +Copyright: MIT, freely distributable. +URL: http://web.mit.edu/kerberos/www/ +Group: System Environment/Libraries +BuildRoot: %{_tmppath}/%{name}-root +Prereq: grep, info, sh-utils, /sbin/install-info +BuildPrereq: e2fsprogs-devel, gzip, rsh, tcl, texinfo, tar + +%description +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. + +%package devel +Summary: Development files needed for compiling Kerberos 5 programs. +Group: Development/Libraries +Requires: %{name}-libs = %{version} + +%description devel +Kerberos is a network authentication system. The krb5-devel package +contains the header files and libraries needed for compiling Kerberos +5 programs. If you want to develop Kerberos-aware programs, you'll +need to install this package. + +%package libs +Summary: The shared libraries used by Kerberos 5. +Group: System Environment/Libraries +Prereq: grep, /sbin/ldconfig, sh-utils + +%description libs +Kerberos is a network authentication system. The krb5-libs package +contains the shared libraries needed by Kerberos 5. If you're using +Kerberos, you'll need to install this package. + +%package server +Group: System Environment/Daemons +Summary: The server programs for Kerberos 5. +Requires: %{name}-libs = %{version}, %{name}-workstation = %{version} +Prereq: grep, /sbin/install-info, /bin/sh, sh-utils, /etc/init.d + +%description server +Kerberos is a network authentication system. The krb5-server package +contains the programs that must be installed on a Kerberos 5 server. +If you're installing a Kerberos 5 server, you need to install this +package (in other words, most people should NOT install this +package). + +%package workstation +Summary: Kerberos 5 programs for use on workstations. +Group: System Environment/Base +Requires: %{name}-libs = %{version} +Prereq: grep, /sbin/install-info, /bin/sh, sh-utils + +%description workstation +Kerberos is a network authentication system. The krb5-workstation +package contains the basic Kerberos programs (kinit, klist, kdestroy, +kpasswd) as well as kerberized versions of Telnet and FTP. If your +network uses Kerberos, this package should be installed on every +workstation. + +%changelog +* Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix summaries and descriptions +- switched the default transfer protocol from PORT to PASV as proposed on + bugzilla (#16134), and to match the regular ftp package's behavior + +* Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> +- rebuild to compress man pages. + +* Sat Jul 15 2000 Bill Nottingham <notting@redhat.com> +- move initscript back + +* Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com> +- disable servers by default to keep linuxconf from thinking they need to be + started when they don't + +* Thu Jul 13 2000 Prospector <bugzilla@redhat.com> +- automatic rebuild + +* Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com> +- change cleanup code in post to not tickle chkconfig +- add grep as a Prereq: for -libs + +* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com> +- move condrestarts to postun +- make xinetd configs noreplace +- add descriptions to xinetd configs +- add /etc/init.d as a prereq for the -server package +- patch to properly truncate $TERM in krlogind + +* Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com> +- update to 1.2.1 +- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update +- start using the official source tarball instead of its contents + +* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> +- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind +- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not + compatible with other stuff in 6.2, so no need) + +* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> +- tweak graceful start/stop logic in post and preun + +* Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com> +- update to the 1.2 release +- ditch a lot of our patches which went upstream +- enable use of DNS to look up things at build-time +- disable use of DNS to look up things at run-time in default krb5.conf +- change ownership of the convert-config-files script to root.root +- compress PS docs +- fix some typos in the kinit man page +- run condrestart in server post, and shut down in preun + +* Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com> +- only remove old krb5server init script links if the init script is there + +* Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com> +- disable kshell and eklogin by default + +* Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com> +- patch mkdir/rmdir problem in ftpcmd.y +- add condrestart option to init script +- split the server init script into three pieces and add one for kpropd + +* Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com> +- make sure workstation servers are all disabled by default +- clean up krb5server init script + +* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com> +- apply second set of buffer overflow fixes from Tom Yu +- fix from Dirk Husung for a bug in buffer cleanups in the test suite +- work around possibly broken rev binary in running test suite +- move default realm configs from /var/kerberos to %{_var}/kerberos + +* Tue Jun 6 2000 Nalin Dahyabhai <nalin@redhat.com> +- make ksu and v4rcp owned by root + +* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com> +- use %%{_infodir} to better comply with FHS +- move .so files to -devel subpackage +- tweak xinetd config files (bugs #11833, #11835, #11836, #11840) +- fix package descriptions again + +* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com> +- change a LINE_MAX to 1024, fix from Ken Raeburn +- add fix for login vulnerability in case anyone rebuilds without krb4 compat +- add tweaks for byte-swapping macros in krb.h, also from Ken +- add xinetd config files +- make rsh and rlogin quieter +- build with debug to fix credential forwarding +- add rsh as a build-time req because the configure scripts look for it to + determine paths + +* Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix config_subpackage logic + +* Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com> +- remove setuid bit on v4rcp and ksu +- apply patches from Jeffrey Schiller to fix overruns Chris Evans found +- reintroduce configs subpackage for use in the errata +- add PreReq: sh-utils + +* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix double-free in the kdc (patch merged into MIT tree) +- include convert-config-files script as a documentation file + +* Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com> +- patch ksu man page because the -C option never works +- add access() checks and disable debug mode in ksu +- modify default ksu build arguments to specify more directories in CMD_PATH + and to use getusershell() + +* Wed May 03 2000 Bill Nottingham <notting@redhat.com> +- fix configure stuff for ia64 + +* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com> +- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653) +- change Requires: for/in subpackages to include %{version} + +* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com> +- add man pages for kerberos(1), kvno(1), .k5login(5) +- add kvno to -workstation + +* Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com> +- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as + a %%config file anyway. +- Make krb5.conf a noreplace config file. + +* Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com> +- Make klogind pass a clean environment to children, like NetKit's rlogind does. + +* Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com> +- Don't enable the server by default. +- Compress info pages. +- Add defaults for the PAM module to krb5.conf + +* Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com> +- Correct copyright: it's exportable now, provided the proper paperwork is + filed with the government. + +* Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com> +- apply Mike Friedman's patch to fix format string problems +- don't strip off argv[0] when invoking regular rsh/rlogin + +* Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com> +- run kadmin.local correctly at startup + +* Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com> +- pass absolute path to kadm5.keytab if/when extracting keys at startup + +* Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix info page insertions + +* Wed Feb 9 2000 Nalin Dahyabhai <nalin@redhat.com> +- tweak server init script to automatically extract kadm5 keys if + /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet +- adjust package descriptions + +* Thu Feb 3 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix for potentially gzipped man pages + +* Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com> +- fix comments in krb5-configs + +* Fri Jan 7 2000 Nalin Dahyabhai <nalin@redhat.com> +- move /usr/kerberos/bin to end of PATH + +* Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com> +- install kadmin header files + +* Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com> +- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h +- add installation of info docs +- remove krb4 compat patch because it doesn't fix workstation-side servers + +* Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com> +- remove hesiod dependency at build-time + +* Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- rebuild on 1.1.1 + +* Thu Oct 7 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- clean up init script for server, verify that it works [jlkatz] +- clean up rotation script so that rc likes it better +- add clean stanza + +* Mon Oct 4 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- backed out ncurses and makeshlib patches +- update for krb5-1.1 +- add KDC rotation to rc.boot, based on ideas from Michael's C version + +* Mon Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- added -lncurses to telnet and telnetd makefiles + +* Mon Jul 5 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- added krb5.csh and krb5.sh to /etc/profile.d + +* Mon Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- broke out configuration files + +* Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- fixed server package so that it works now + +* Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> +- started changelog +- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6 +- added --force to makeinfo commands to skip errors during build + +%prep +%setup -q -c +gzip -dc krb5-%{version}.src.tar.gz | tar -xf - -C .. +gzip -dc krb5-%{version}.crypto.tar.gz | tar -xf - -C .. +gzip -dc krb5-%{version}.doc.tar.gz | tar -xf - -C .. +%patch0 -p0 -b .db +%patch1 -p0 -b .tciogltc +%patch2 -p0 -b .libpty +%patch3 -p0 -b .fixinfo +%patch4 -p0 -b .manpages +%patch5 -p0 -b .netkitr +%patch6 -p1 -b .rlogind +%patch7 -p1 -b .ksu +%patch8 -p1 -b .ksu-options +%patch9 -p1 -b .ksu-man +%patch10 -p1 -b .quiet +%patch11 -p1 -b .brokenrev +%patch12 -p1 -b .spelling +%patch13 -p1 -b .term +%patch14 -p1 -b .passive +find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";" +gzip doc/*.ps + +%build +cd src +libtoolize --copy --force +cp config.{guess,sub} config + +# Can't use %%configure because we don't use the default mandir. +LDCOMBINE_TAIL="-lc"; export LDCOMBINE_TAIL +./configure \ + --with-cc=%{__cc} --with-ccopts="-ggdb" \ + --enable-shared --enable-static \ + --prefix=%{prefix} \ + --infodir=%{_infodir} \ + --localstatedir=%{_var}/kerberos \ + --with-krb4 \ + --enable-dns --enable-dns-for-kdc --enable-dns-for-realm \ + --with-netlib=-lresolv \ + --with-tcl=%{_prefix} \ + %{_target_platform} +make + +# Run the test suite. +# make check TMPDIR=%{_tmppath} + +%install +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT + +# Our shell scripts. +mkdir -p $RPM_BUILD_ROOT%{prefix}/bin +install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{prefix}/bin/ + +# Extra headers. +mkdir -p $RPM_BUILD_ROOT%{prefix}/include +(cd src/include + find kadm5 krb5 gssrpc gssapi -name "*.h" | \ + cpio -pdm $RPM_BUILD_ROOT/%{prefix}/include ) +sed 's^k5-int^krb5/kdb^g' < $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h \ + > $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h2 &&\ +mv $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h2 \ + $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h +find $RPM_BUILD_ROOT/%{prefix}/include -type d | xargs chmod 755 +find $RPM_BUILD_ROOT/%{prefix}/include -type f | xargs chmod 644 + +# Info docs. +mkdir -p $RPM_BUILD_ROOT%{_infodir} +install -m 644 doc/*.info* $RPM_BUILD_ROOT%{_infodir}/ +gzip $RPM_BUILD_ROOT%{_infodir}/*.info* + +# KDC config files. +mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc +install -m 644 $RPM_SOURCE_DIR/kdc.conf $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ +install -m 644 $RPM_SOURCE_DIR/kadm5.acl $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ + +# Client config files and scripts. +mkdir -p $RPM_BUILD_ROOT/etc/profile.d +install -m 644 $RPM_SOURCE_DIR/krb5.conf $RPM_BUILD_ROOT/etc/krb5.conf +install -m 755 $RPM_SOURCE_DIR/krb5.{sh,csh} $RPM_BUILD_ROOT/etc/profile.d/ + +# KDC init script. +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m 755 $RPM_SOURCE_DIR/krb5kdc.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb5kdc +install -m 755 $RPM_SOURCE_DIR/kadmind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kadmin +install -m 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kprop +install -m 755 $RPM_SOURCE_DIR/krb524d.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb524 +install -m 755 $RPM_SOURCE_DIR/kdcrotate $RPM_BUILD_ROOT/etc/rc.d/init.d/ + +# The rest of the binaries and libraries and docs. +cd src +make prefix=$RPM_BUILD_ROOT%{prefix} \ + localstatedir=$RPM_BUILD_ROOT%{_var}/kerberos \ + infodir=$RPM_BUILD_ROOT%{_infodir} install + +# Fixup strange shared library permissions. +chmod 755 $RPM_BUILD_ROOT%{prefix}/lib/*.so* + +# Xinetd configuration files. +mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/ +for xinetd in eklogin klogin kshell krb5-telnet gssftp ; do + install -m 644 $RPM_SOURCE_DIR/${xinetd}.xinetd \ + $RPM_BUILD_ROOT/etc/xinetd.d/${xinetd} +done + +# Trim off useless info. +strip $RPM_BUILD_ROOT%{prefix}/bin/* $RPM_BUILD_ROOT%{prefix}/sbin/* || : +strip -g $RPM_BUILD_ROOT%{prefix}/lib/lib* || : + +%post libs +grep -q %{prefix}/lib /etc/ld.so.conf || echo %{prefix}/lib >> /etc/ld.so.conf +/sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%post server +# Remove the init script for older servers. +[ -x /etc/rc.d/init.d/krb5server ] && /sbin/chkconfig --del krb5server +# Install the new ones. +/sbin/chkconfig --add krb5kdc +/sbin/chkconfig --add kadmin +/sbin/chkconfig --add krb524 +/sbin/chkconfig --add kprop +# Install info pages. +/sbin/install-info %{_infodir}/krb425.info.gz %{_infodir}/dir +/sbin/install-info %{_infodir}/krb5-admin.info.gz %{_infodir}/dir +/sbin/install-info %{_infodir}/krb5-install.info.gz %{_infodir}/dir + +%preun server +if [ "$1" = "0" ] ; then + /sbin/chkconfig --del krb5kdc + /sbin/chkconfig --del kadmin + /sbin/chkconfig --del krb524 + /sbin/chkconfig --del kprop + /sbin/service krb5kdc stop > /dev/null 2>&1 || : + /sbin/service kadmin stop > /dev/null 2>&1 || : + /sbin/service krb524 stop > /dev/null 2>&1 || : + /sbin/service kprop stop > /dev/null 2>&1 || : + /sbin/install-info --delete %{_infodir}/krb425.info.gz %{_infodir}/dir + /sbin/install-info --delete %{_infodir}/krb5-admin.info.gz %{_infodir}/dir + /sbin/install-info --delete %{_infodir}/krb5-install.info.gz %{_infodir}/dir +fi + +%postun server +if [ "$1" -ge 1 ] ; then + /sbin/service krb5kdc condrestart > /dev/null 2>&1 || : + /sbin/service kadmin condrestart > /dev/null 2>&1 || : + /sbin/service krb524 condrestart > /dev/null 2>&1 || : + /sbin/service kprop condrestart > /dev/null 2>&1 || : +fi + +%post workstation +/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir +/sbin/service xinetd reload > /dev/null 2>&1 || : + +%preun workstation +if [ "$1" = "0" ] ; then + /sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir +fi + +%postun workstation +/sbin/service xinetd reload > /dev/null 2>&1 || : + +%files workstation +%defattr(-,root,root) + +%config /etc/profile.d/krb5.sh +%config /etc/profile.d/krb5.csh + +%config(noreplace) /etc/xinetd.d/* + +%doc doc/user*.html doc/user*.ps.gz src/config-files/services.append +%attr(0755,root,root) %doc src/config-files/convert-config-files +%{_infodir}/krb5-user.info* +%{prefix}/bin/ftp +%{prefix}/man/man1/ftp.1* +%{prefix}/bin/gss-client +%{prefix}/bin/kdestroy +%{prefix}/man/man1/kdestroy.1* +%{prefix}/man/man1/kerberos.1* +%{prefix}/bin/kinit +%{prefix}/man/man1/kinit.1* +%{prefix}/bin/klist +%{prefix}/man/man1/klist.1* +%{prefix}/bin/kpasswd +%{prefix}/man/man1/kpasswd.1* +%{prefix}/bin/krb524init +%{prefix}/sbin/kadmin +%{prefix}/man/man8/kadmin.8* +%{prefix}/sbin/ktutil +%{prefix}/man/man8/ktutil.8* +%attr(0755,root,root) %{prefix}/bin/ksu +%{prefix}/man/man1/ksu.1* +%{prefix}/bin/kvno +%{prefix}/man/man1/kvno.1* +%{prefix}/bin/rcp +%{prefix}/man/man1/rcp.1* +%{prefix}/bin/krlogin +%{prefix}/bin/rlogin +%{prefix}/man/man1/rlogin.1* +%{prefix}/bin/krsh +%{prefix}/bin/rsh +%{prefix}/man/man1/rsh.1* +%{prefix}/bin/telnet +%{prefix}/man/man1/telnet.1* +%{prefix}/man/man1/tmac.doc* +%attr(0755,root,root) %{prefix}/bin/v4rcp +%{prefix}/man/man1/v4rcp.1* +%{prefix}/bin/v5passwd +%{prefix}/man/man1/v5passwd.1* +%{prefix}/bin/sim_client +%{prefix}/bin/uuclient +%{prefix}/sbin/login.krb5 +%{prefix}/man/man8/login.krb5.8* +%{prefix}/sbin/ftpd +%{prefix}/man/man8/ftpd.8* +%{prefix}/sbin/gss-server +%{prefix}/sbin/klogind +%{prefix}/man/man8/klogind.8* +%{prefix}/sbin/kshd +%{prefix}/man/man8/kshd.8* +%{prefix}/sbin/telnetd +%{prefix}/man/man8/telnetd.8* +%{prefix}/sbin/uuserver +%{prefix}/man/man5/.k5login.5* +%{prefix}/man/man5/krb5.conf.5* + +%files server +%defattr(-,root,root) + +%config /etc/rc.d/init.d/krb5kdc +%config /etc/rc.d/init.d/kadmin +%config /etc/rc.d/init.d/krb524 +%config /etc/rc.d/init.d/kprop + +%doc doc/admin*.ps.gz doc/admin*.html +%doc doc/krb425*.ps.gz doc/krb425*.html +%doc doc/install*.ps.gz doc/install*.html + +%{_infodir}/krb5-admin.info* +%{_infodir}/krb5-install.info* +%{_infodir}/krb425.info* + +%dir %{_var}/kerberos/krb5kdc +%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf +%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl + +%{prefix}/man/man5/kdc.conf.5* +%{prefix}/sbin/kadmin.local +%{prefix}/man/man8/kadmin.local.8* +%{prefix}/sbin/kadmind +%{prefix}/man/man8/kadmind.8* +%{prefix}/sbin/kadmind4 +%{prefix}/sbin/kdb5_util +%{prefix}/man/man8/kdb5_util.8* +%{prefix}/sbin/kprop +%{prefix}/man/man8/kprop.8* +%{prefix}/sbin/kpropd +%{prefix}/man/man8/kpropd.8* +%{prefix}/sbin/krb5-send-pr +%{prefix}/man/man1/krb5-send-pr.1* +%{prefix}/sbin/krb524d +%{prefix}/sbin/krb5kdc +%{prefix}/man/man8/krb5kdc.8* +%{prefix}/sbin/sim_server +%{prefix}/sbin/v5passwdd +# This is here for people who want to test their server, and also +# included in devel package for similar reasons. +%{prefix}/bin/sclient +%{prefix}/man/man1/sclient.1* +%{prefix}/sbin/sserver +%{prefix}/man/man8/sserver.8* + +%files libs +%defattr(-,root,root) +%{prefix}/lib/lib*.so.*.* +%config /etc/rc.d/init.d/kdcrotate +%config(noreplace) /etc/krb5.conf + +%files devel +%defattr(-,root,root) +%doc doc/api +%doc doc/implement +%doc doc/kadm5 +%doc doc/kadmin +%doc doc/krb5-protocol +%doc doc/rpc +%{prefix}/include +%{prefix}/lib/lib*.a +%{prefix}/lib/lib*.so +%{prefix}/bin/sclient +%{prefix}/man/man1/sclient.1* +%{prefix}/sbin/sserver +%{prefix}/man/man8/sserver.8* + +%clean +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT diff --git a/krb524d.init b/krb524d.init new file mode 100755 index 0000000..985544b --- /dev/null +++ b/krb524d.init @@ -0,0 +1,69 @@ +#!/bin/sh +# +# krb524 Start and stop the krb524 service. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops krb524d, which converts \ +# Kerberos 5 credentials to Kerberos IV credentials. +# processname: krb524d +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/rc.d/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5-to-4 Server:" + daemon /usr/kerberos/sbin/krb524d -m + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/krb524 +} +stop() { + echo -n "Stopping Kerberos 5-to-4 Server:" + killproc krb524d + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb524 +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status krb524d + ;; + condrestart) + if [ -f /var/lock/subsys/krb524 ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/krb5kdc.init b/krb5kdc.init new file mode 100755 index 0000000..855c748 --- /dev/null +++ b/krb5kdc.init @@ -0,0 +1,69 @@ +#!/bin/sh +# +# krb5kdc Start and stop the Kerberos 5 servers. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the server that Kerberos IV and 5 \ +# clients need to connect to in order to obtain credentials. +# processname: krb5kdc +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/rc.d/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5 KDC:" + daemon /usr/kerberos/sbin/krb5kdc + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc +} +stop() { + echo -n "Stopping Kerberos 5 KDC:" + killproc krb5kdc + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb5kdc +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status krb5kdc + ;; + condrestart) + if [ -f /var/lock/subsys/krb5kdc ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL @@ -0,0 +1 @@ +/usr/kerberos/bin/rlogin -x $* @@ -0,0 +1 @@ +/usr/kerberos/bin/rsh -x $* diff --git a/kshell.xinetd b/kshell.xinetd new file mode 100644 index 0000000..95bd598 --- /dev/null +++ b/kshell.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized rshell server accepts rshell commands \ +# authenticated and encrypted with Kerberos 5. +service kshell +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/kshd + server_args = -e -5 + disable = yes +} @@ -0,0 +1 @@ +a20d10cd42e0fdd0a3c825e0a1e2e08a krb5-1.2.1.tar |