OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 16-Jan-2006 23:08:23
Branch: HEAD Handle: 2006011622082200
Modified files:
openpkg-src/kerberos kerberos-setup.sh kerberos.spec
Log:
allow Kerberos to be really used out-of-the-box now
Summary:
Revision Changes Path
1.5 +13 -2 openpkg-src/kerberos/kerberos-setup.sh
1.72 +23 -1 openpkg-src/kerberos/kerberos.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/kerberos/kerberos-setup.sh
============================================================================
$ cvs diff -u -r1.4 -r1.5 kerberos-setup.sh
--- openpkg-src/kerberos/kerberos-setup.sh 25 Dec 2005 22:12:56 -0000
1.4
+++ openpkg-src/kerberos/kerberos-setup.sh 16 Jan 2006 22:08:22 -0000
1.5
@@ -11,6 +11,7 @@
realm=`echo "$1" | tr 'abcdefghijklmnopqrstuvwxyz'
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
domain=`echo "$2" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
'abcdefghijklmnopqrstuvwxyz'`
[EMAIL PROTECTED]@/lib/openpkg/shtool echo -e "%h.$domain"`
echo "++ configure Kerberos realm \"$realm\""
sed <@l_prefix@/etc/kerberos/kdc.conf \
@@ -21,6 +22,8 @@
rm -f @l_prefix@/etc/kerberos/kdc.conf.new
sed <@l_prefix@/etc/kerberos/krb5.conf \
>@l_prefix@/etc/kerberos/krb5.conf.new \
+ -e "s;kerberos1\.example\.com;$host;" \
+ -e "s;kerberos2\.example\.com;$host;" \
-e "s;EXAMPLE\.COM;$realm;g" \
-e "s;example\.com;$domain;g"
cp -p @l_prefix@/etc/kerberos/krb5.conf.new @l_prefix@/etc/kerberos/krb5.conf
@@ -34,10 +37,18 @@
chmod 600 @l_prefix@/var/kerberos/db/kadm5.acl
echo "++ adding administrator \"[EMAIL PROTECTED]" to the Kerberos database"
[EMAIL PROTECTED]@/sbin/kadmin.local -q \
[EMAIL PROTECTED]@/sbin/kadmin.local -p admin/admin -q \
"addprinc admin/[EMAIL PROTECTED]"
echo "++ adding kadmind keytab file to the Kerberos database"
[EMAIL PROTECTED]@/sbin/kadmin.local -q \
[EMAIL PROTECTED]@/sbin/kadmin.local -p admin/admin -q \
"ktadd -k @l_prefix@/var/kerberos/db/kadm5.keytab kadmin/admin
kadmin/changepw"
+echo "++ adding local host \"host/$host\" to the Kerberos database"
[EMAIL PROTECTED]@/sbin/kadmin.local -p admin/admin -q \
+ "addprinc host/$host"
+
+echo "++ creating keytab file for local host \"host/$host\""
[EMAIL PROTECTED]@/sbin/kadmin.local -p admin/admin -q \
+ "ktadd host/$host"
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/kerberos/kerberos.spec
============================================================================
$ cvs diff -u -r1.71 -r1.72 kerberos.spec
--- openpkg-src/kerberos/kerberos.spec 16 Jan 2006 18:52:18 -0000
1.71
+++ openpkg-src/kerberos/kerberos.spec 16 Jan 2006 22:08:22 -0000
1.72
@@ -91,6 +91,10 @@
-e 's;@LOCALSTATEDIR/krb5kdc;@LOCALSTATEDIR/kerberos;g' \
-e 's;DEFAULT_KDC_PROFILE."@LOCALSTATEDIR;DEFAULT_KDC_PROFILE
"@SYSCONFDIR;g' \
src/include/krb5/stock/osconf.h
+ %{l_shtool} subst \
+ -e 's;/etc/krb5\.keytab;%{l_prefix}/etc/kerberos/krb5.keytab;' \
+ src/kadmin/cli/k5srvutil.sh \
+ src/kadmin/cli/kadmin.c
%build
# build toolkit
@@ -190,7 +194,25 @@
echo "Kerberos database with the command:"
echo " \$ $RPM_INSTALL_PREFIX/sbin/kerberos-setup <realm>
<domain>"
echo "where <domain> is the primary DNS zone of this setup and"
- echo "<realm> by convention the upper-case version of <domain>."
+ echo "<realm> by convention is the upper-case version of <domain>."
+ echo "After this you should start the Kerberos server with:"
+ echo " \$ $RPM_INSTALL_PREFIX/etc/rc kerberos start"
+ echo ""
+ echo "Then you should add and attach all remote hosts to Kerberos"
+ echo "by running the following command on each remote host:"
+ echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin -q \\ "
+ echo " \"add_principal host/<hostname>.<domain>\""
+ echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin -q \\ "
+ echo " \"ktadd host/<hostname>.<domain>\""
+ echo ""
+ echo "Then you should add all your users to Kerberos via:"
+ echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin -q \\ "
+ echo " \"add_principal <user>/<user>@<realm>\""
+ echo ""
+ echo "After this, your users can authenticate against"
+ echo "Kerberos on all attached hosts via:"
+ echo " \$ $RPM_INSTALL_PREFIX/bin/kinit <user>/<user>"
+ echo " \$ $RPM_INSTALL_PREFIX/bin/klist"
) | %{l_rpmtool} msg -b -t notice
fi
# after upgrade, restore status
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]
