diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-05-18 22:16:16 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-05-18 22:16:16 +0000 |
| commit | a9c20b157455e406524ccb3d81441c1692d50cf4 (patch) | |
| tree | 96d99b4e764596a3a3fb3056dbf6e2386aba95d6 | |
| parent | ea9e19241a11f3805a1703f66488754dfc159634 (diff) | |
| download | krb5-a9c20b157455e406524ccb3d81441c1692d50cf4.tar.gz krb5-a9c20b157455e406524ccb3d81441c1692d50cf4.tar.xz krb5-a9c20b157455e406524ccb3d81441c1692d50cf4.zip | |
- kadmind.init: don't fail outright if the default principal database isn't
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
service when we try to create the keytab
| -rwxr-xr-x | kadmind.init | 9 | ||||
| -rw-r--r-- | krb5.spec | 6 |
2 files changed, 14 insertions, 1 deletions
diff --git a/kadmind.init b/kadmind.init index 2b22a77..8c7e108 100755 --- a/kadmind.init +++ b/kadmind.init @@ -30,7 +30,11 @@ RETVAL=0 # Shell functions to cut down on useless shell instances. start() { if [ ! -f /var/kerberos/krb5kdc/principal ] ; then - echo $"Error. Default principal database does not exist." + # Make an educated guess -- if they're using kldap somewhere, + # then we don't know for sure that this is an error. + if [ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ] ; then + echo $"Error. Default principal database does not exist." + fi exit 0 fi if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then @@ -39,7 +43,10 @@ start() { else if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then echo -n $"Extracting kadm5 Service Keys: " + # This should always work. /usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure + # It's probably okay if this fails. + /usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success echo fi fi @@ -196,6 +196,12 @@ installed on systems which are meant provide these services. %endif %changelog +* Fri May 18 2007 Nalin Dahyabhai <nalin@redhat.com> +- kadmind.init: don't fail outright if the default principal database + isn't there if it looks like we might be using the kldap plugin +- kadmind.init: attempt to extract the key for the host-specific kadmin + service when we try to create the keytab + * Wed May 16 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6-6 - omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and |