rpms/krb5/F-11 krb5.portreserve, NONE, 1.1 kadmind.init, 1.14, 1.15 kpropd.init, 1.4, 1.5 krb5.spec, 1.187, 1.188 krb5kdc.init, 1.10, 1.11
Nalin Dahyabhai
nalin at fedoraproject.org
Thu Jan 14 23:29:57 UTC 2010
Author: nalin
Update of /cvs/extras/rpms/krb5/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25976
Modified Files:
kadmind.init kpropd.init krb5.spec krb5kdc.init
Added Files:
krb5.portreserve
Log Message:
- use portreserve to make sure the KDC can always bind to the kerberos-iv
port, kpropd can always bind to the krb5_prop port, and that kadmind can
always bind to the kerberos-adm port (#555279)
- backport the LSB headers for the init scripts
- make the kpropd init script treat 'reload' as 'restart' (part of #225974)
--- NEW FILE krb5.portreserve ---
kerberos-adm/tcp
kerberos-iv
krb5_prop/tcp
Index: kadmind.init
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/kadmind.init,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- kadmind.init 4 Apr 2008 21:29:53 -0000 1.14
+++ kadmind.init 14 Jan 2010 23:29:55 -0000 1.15
@@ -11,6 +11,19 @@
# config: /etc/sysconfig/kadmin
#
+### BEGIN INIT INFO
+# Provides: kadmin
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 admin server
+# Description: The kadmind service allows administrators to remotely manage \
+# the Kerberos 5 realm database. It should only be run on a \
+# master KDC.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
@@ -41,6 +54,8 @@ start() {
[ -x $kadmind ] || exit 5
fi
echo -n $"Starting $prog: "
+ # tell portreserve to release the kerberos-adm port
+ [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || :
daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS
RETVAL=$?
echo
Index: kpropd.init
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/kpropd.init,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- kpropd.init 2 Jan 2008 17:03:38 -0000 1.4
+++ kpropd.init 14 Jan 2010 23:29:56 -0000 1.5
@@ -9,6 +9,18 @@
# processname: kpropd
#
+### BEGIN INIT INFO
+# Provides: kprop
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 propagation client
+# Description: The kpropd service accepts database updates pushed to it from \
+# the master KDC. It will never be needed on a master KDC.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
@@ -24,6 +36,8 @@ start() {
[ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
[ -x $kpropd ] || exit 5
echo -n $"Starting $prog: "
+ # tell portreserve to release the krb5_prop port
+ [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :
daemon ${kpropd} -S
RETVAL=$?
echo
@@ -45,7 +59,8 @@ case "$1" in
stop)
stop
;;
- restart)
+ # We don't really "do" reload, so treat it as a restart.
+ restart|reload)
stop
start
;;
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/krb5.spec,v
retrieving revision 1.187
retrieving revision 1.188
diff -u -p -r1.187 -r1.188
--- krb5.spec 12 Jan 2010 19:26:48 -0000 1.187
+++ krb5.spec 14 Jan 2010 23:29:56 -0000 1.188
@@ -16,7 +16,7 @@
Summary: The Kerberos network authentication system.
Name: krb5
Version: 1.6.3
-Release: 23%{?dist}
+Release: 24%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -50,6 +50,7 @@ Source25: krb5-trunk-manpaths.txt
Source26: gssftp.pamd
Source27: kshell.pamd
Source28: ekshell.pamd
+Source29: krb5.portreserve
Patch3: krb5-1.3-netkit-rsh.patch
Patch4: krb5-1.3-rlogind-environ.patch
@@ -159,6 +160,8 @@ Group: System Environment/Daemons
Summary: The KDC and related programs for Kerberos 5.
Requires: %{name}-libs = %{version}-%{release}
Prereq: grep, /sbin/install-info, /bin/sh, sh-utils, /sbin/chkconfig
+# portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
+Requires: portreserve
%description server
Kerberos is a network authentication system. The krb5-server package
@@ -236,6 +239,13 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Thu Jan 14 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.6.3-24
+- use portreserve to make sure the KDC can always bind to the kerberos-iv
+ port, kpropd can always bind to the krb5_prop port, and that kadmind can
+ always bind to the kerberos-adm port (#555279)
+- backport the LSB headers for the init scripts
+- make the kpropd init script treat 'reload' as 'restart' (part of #225974)
+
* Tue Jan 12 2010 Nalin Dahyabhai <nalin at redhat.com> - 1.6.3-23
- add upstream patch for integer underflow during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015)
@@ -1574,6 +1584,8 @@ mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -pm 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc
install -pm 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin
install -pm 644 $RPM_SOURCE_DIR/krb524.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb524
+mkdir -p $RPM_BUILD_ROOT/etc/portreserve
+install -pm 644 $RPM_SOURCE_DIR/krb5.portreserve $RPM_BUILD_ROOT/etc/portreserve/krb5
# Xinetd configuration files.
mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
@@ -1836,6 +1848,7 @@ exit 0
%config(noreplace) /etc/sysconfig/krb5kdc
%config(noreplace) /etc/sysconfig/kadmin
%config(noreplace) /etc/sysconfig/krb524
+%config(noreplace) /etc/portreserve/krb5
%doc doc/admin*.ps.gz
%doc doc/krb425*.ps.gz
Index: krb5kdc.init
===================================================================
RCS file: /cvs/extras/rpms/krb5/F-11/krb5kdc.init,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- krb5kdc.init 2 Jan 2008 17:03:38 -0000 1.10
+++ krb5kdc.init 14 Jan 2010 23:29:56 -0000 1.11
@@ -10,6 +10,18 @@
# config: /etc/sysconfig/krb5kdc
#
+### BEGIN INIT INFO
+# Provides: krb5kdc
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: portreserve
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop the Kerberos 5 KDC
+# Description: The krb5kdc is the Kerberos 5 key distribution center, which \
+# issues credentials to Kerberos 5 clients.
+### END INIT INFO
+
# Get config.
. /etc/sysconfig/network
@@ -27,9 +39,16 @@ krb5kdc=/usr/kerberos/sbin/krb5kdc
start() {
[ -x $krb5kdc ] || exit 5
echo -n $"Starting $prog: "
+ # tell portreserve to release the kerberos-iv port
+ [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :
daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS
RETVAL=$?
echo
+ if test $RETVAL -ne 0 ; then
+ if status ${krb5kdc} > /dev/null ; then
+ RETVAL=0
+ fi
+ fi
[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
}
stop() {
More information about the scm-commits
mailing list