author | Nalin Dahyabhai <nalin@redhat.com> | 2011-02-09 15:25:17 -0500 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2011-02-09 15:25:17 -0500 |
commit | 08f510b3798ad91a2562d60dc173b08c91cb4f65 (patch) | |
tree | e4fe4e5c059a96b9f8fd3ccca8e9967c3d6cc3a9 /krb5kdc.init | |
parent | 62cb58fe6fd594e356532f7af11ddc2043c96ec2 (diff) | |
krb5-1.9-5.fc15
- krb5kdc init script: prototype some changes to do a quick spot-check
of the TGS and kadmind keys and warn if there aren't any non-weak keys
on file for them (to flush out parts of #651466)
Diffstat (limited to 'krb5kdc.init')
-rwxr-xr-x | krb5kdc.init | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/krb5kdc.init b/krb5kdc.init index 363695d..c765790 100755 --- a/krb5kdc.init +++ b/krb5kdc.init @@ -36,10 +36,20 @@ RETVAL=0 prog="Kerberos 5 KDC" krb5kdc=/usr/sbin/krb5kdc pidfile=/var/run/krb5kdc.pid +PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH" # Shell functions to cut down on useless shell instances. start() { [ -x $krb5kdc ] || exit 5 + # check that some of the basic principal names don't only have weak + # keys available. if they do, warn that they should be changed to + # get some keys for stronger ciphers added + if ! is_false "$KRB5CHECKWEAK" ; then + localhost=`hostname` + for principal in `kdb_check_weak -p "krbtgt/${KRB5REALM:+${KRB5REALM}@${KRB5REALM}}" "kadmin/admin${KRB5REALM:+@${KRB5REALM}}" "kadmin/changepw${KRB5REALM:+@${KRB5REALM}}" "kadmin/$localhost${KRB5REALM:+@${KRB5REALM}}"` ; do + echo -n "Keys for $principal should be changed to include keys for non-weak ciphers." ; warning ; echo "" + done + fi echo -n $"Starting $prog: " # tell portreserve to release the kerberos-iv port [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || : |
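Review bot: in start(), the first argument passed to kdb_check_weak, "krbtgt/${KRB5REALM:+${KRB5REALM}@${KRB5REALM}}", expands to a bare "krbtgt/" when KRB5REALM is unset or empty, so in that case the TGS entry is passed as an incomplete name, while the three kadmin/ arguments fall back to realm-less names. Since the TGS key is the main thing this spot-check is meant to cover, determine the realm before the loop, or skip the krbtgt argument and say so when KRB5REALM is empty, rather than handing the helper "krbtgt/". Two smaller points in the same block: kdb_check_weak is located only through the new PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH" line and nothing tests that it exists, unlike the [ -x $krb5kdc ] || exit 5 guard just above, so an install without the helper gets a shell error on every start; a test for the helper, or 2>/dev/null on the command substitution, would keep start() quiet there. The new warning string is a plain "..." while the neighbouring message uses $"Starting $prog: ", so it will not be picked up for translation.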