rpms/krb5/devel kadmind.init,1.9,1.10 krb5.spec,1.108,1.109

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Fri May 18 22:16:53 UTC 2007 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27598

Modified Files:
	kadmind.init krb5.spec 
Log Message:
- kadmind.init: don't fail outright if the default principal database
  isn't there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
  service when we try to create the keytab



Index: kadmind.init
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/kadmind.init,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- kadmind.init	18 Oct 2006 21:36:40 -0000	1.9
+++ kadmind.init	18 May 2007 22:16:16 -0000	1.10
@@ -30,7 +30,11 @@
 # Shell functions to cut down on useless shell instances.
 start() {
   	if [ ! -f /var/kerberos/krb5kdc/principal ] ; then
-	    echo $"Error. Default principal database does not exist."
+	    # Make an educated guess -- if they're using kldap somewhere,
+	    # then we don't know for sure that this is an error.
+  	    if [ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ] ; then
+	        echo $"Error. Default principal database does not exist."
+	    fi
 	    exit 0
 	fi
   	if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
@@ -39,7 +43,10 @@
 	else
   	    if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
 		echo -n $"Extracting kadm5 Service Keys: "
+		# This should always work.
 		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
+		# It's probably okay if this fails.
+		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success
 		echo
 	    fi
 	fi


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- krb5.spec	16 May 2007 19:48:19 -0000	1.108
+++ krb5.spec	18 May 2007 22:16:16 -0000	1.109
@@ -196,6 +196,12 @@
 %endif
 
 %changelog
+* Fri May 18 2007 Nalin Dahyabhai <nalin at redhat.com>
+- kadmind.init: don't fail outright if the default principal database
+  isn't there if it looks like we might be using the kldap plugin
+- kadmind.init: attempt to extract the key for the host-specific kadmin
+  service when we try to create the keytab
+
 * Wed May 16 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6-6
 - omit dependent libraries from the krb5-config --libs output, as using
   shared libraries (no more static libraries) makes them unnecessary and

More information about the scm-commits mailing list