author | Arthur de Jong <arthur@arthurdejong.org> | 2010-06-18 23:43:51 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2010-06-18 23:43:51 +0200 |
commit | 5e23940084c057ffaf57459c6ff6ba65ae782c60 (patch) | |
tree | f323d66ffb66c3198dc69ef88055ca0f5321ddd2 /debian | |
parent | 5545bb74968914a9fea5f30166238f9f54c8a04c (diff) |
start k5start from the init script to keep the Kerberos ticket active if nslcd is configured for SASL GSSAPI kerberos authentication, based on a patch by Daniel Dehennin <daniel.dehennin@baby-gnu.org>
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1151 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'debian')
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | debian/nslcd.conffile | 1 | ||||
-rw-r--r-- | debian/nslcd.default | 19 | ||||
-rw-r--r-- | debian/nslcd.init | 77 |
4 files changed, 98 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index 2a483f5..48f0e6c 100644
--- a/debian/control
+++ b/debian/control
@@ -13,6 +13,7 @@ Package: nslcd
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
 Recommends: nscd, libnss-ldapd, libpam-ldapd
+Suggests: kstart
 Conflicts: libnss-ldapd (<< 0.7.0)
 Description: Daemon for NSS and PAM lookups using LDAP
 This package provides a daemon for retrieving user account, and other
diff --git a/debian/nslcd.conffile b/debian/nslcd.conffile
new file mode 100644
index 0000000..74ba8da
--- /dev/null
+++ b/debian/nslcd.conffile
@@ -0,0 +1 @@
+nslcd.default /etc/default/nslcd
diff --git a/debian/nslcd.default b/debian/nslcd.default
new file mode 100644
index 0000000..41d7ead
--- /dev/null
+++ b/debian/nslcd.default
@@ -0,0 +1,19 @@
+# Defaults for nslcd init script
+
+# Whether to start k5start (for obtaining and keeping a Kerberos ticket)
+# By default k5start is started if nslcd.conf has sasl_mech set to GSSAPI
+# and krb5_ccname is set to a file-type ticket cache.
+# Set to "yes" to force starting k5start, any other value will not start
+# k5start.
+#K5START_START="yes"
+
+# Options for k5start.
+#K5START_BIN=/usr/bin/k5start
+#K5START_PIDFILE=/var/run/nslcd/k5start_nslcd.pid
+#K5START_USER=nslcd
+#K5START_GROUP=nslcd
+#K5START_MODE=600
+#K5START_KEYTAB=/etc/krb5.keytab
+#K5START_CCREFRESH=60
+#K5START_PRINCIPAL="host/$(hostname -f)"
+#K5START_CCNAME=/var/run/nslcd/krb5cc_nslcd
diff --git a/debian/nslcd.init b/debian/nslcd.init
index 221eadb..ed4a813 100644
--- a/debian/nslcd.init
+++ b/debian/nslcd.init
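Review bot: The last sample in debian/nslcd.default, `#K5START_CCNAME=/var/run/nslcd/krb5cc_nslcd`, names a variable the init script in this commit never reads; nslcd.init sets `K5START_CCFILE` and uses that for `-k` and for the cleanup `rm -f`. An administrator who uncomments the sample gets no change in where the ticket cache is written or which file is removed on stop. The sample should read `#K5START_CCFILE=/var/run/nslcd/krb5cc_nslcd`.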
@@ -44,10 +44,80 @@ NSLCD_PIDFILE=$NSLCD_STATEDIR/nslcd.pid
 . /lib/lsb/init-functions
+# default options for k5start
+K5START_BIN=/usr/bin/k5start
+K5START_DESC="Keep alive Kerberos ticket"
+K5START_START=""
+K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
+K5START_USER=$(sed -n 's/^uid *\([^ ]*\) *$/\1/ip' $NSLCD_CFG)
+K5START_GROUP=$(sed -n 's/^gid *\([^ ]*\) *$/\1/ip' $NSLCD_CFG)
+K5START_MODE=600
+K5START_KEYTAB=/etc/krb5.keytab
+K5START_CCREFRESH=60
+K5START_PRINCIPAL="host/$(hostname -f)"
+K5START_CCFILE=$(sed -n 's/^krb5_ccname *\(FILE:\)\?\([^: ]*\) *$/\2/ip' $NSLCD_CFG)
+
+# check if we should use k5start by default (sasl_mech should be GSSAPI and
+# krb5_ccname should be found)
+if [ -x "$K5START_BIN" ] && \
+ grep -q '^sasl_mech *GSSAPI$' $NSLCD_CFG && \
+ [ -n "$K5START_CCFILE" ]
+then
+ K5START_START="yes"
+fi
+
+# read defaults
+[ -f /etc/default/nslcd ] && . /etc/default/nslcd
+
+k5start_start()
+{
+ if [ "$K5START_START" = "yes" ]
+ then
+ log_daemon_msg "Starting $K5START_DESC" "k5start"
+ start-stop-daemon --start \
+ --pidfile $K5START_PIDFILE \
+ --exec $K5START_BIN -- \
+ -b -p $K5START_PIDFILE \
+ -o $K5START_USER \
+ -g $K5START_GROUP \
+ -m $K5START_MODE \
+ -f $K5START_KEYTAB \
+ -K $K5START_CCREFRESH \
+ -u $K5START_PRINCIPAL \
+ -k $K5START_CCFILE
+ log_end_msg $?
+ fi
+}
+
+k5start_stop()
+{
+ if [ "$K5START_START" = "yes" ]
+ then
+ log_daemon_msg "Stopping $K5START_DESC" "k5start"
+ start-stop-daemon --stop --oknodo --pidfile $K5START_PIDFILE
+ log_end_msg $?
+ # remove any left behind files
+ [ -n "$K5START_PIDFILE" ] && rm -f $K5START_PIDFILE
+ [ -n "$K5START_CCFILE" ] && rm -f $K5START_CCFILE
+ fi
+}
+
+k5start_status()
+{
+ if [ "$K5START_START" = "yes" ]
+ then
+ status_of_proc -p "$K5START_PIDFILE" "$K5START_BIN" "k5start"
+ fi
+}
+
 case "$1" in
 start)
+ # set up state directory
 [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
 chown nslcd:nslcd "$NSLCD_STATEDIR" )
+ # start k5start if needed
+ k5start_start
+ # start nslcd
 log_daemon_msg "Starting $NSLCD_DESC" "nslcd"
 start-stop-daemon --start --oknodo \
 --pidfile $NSLCD_PIDFILE \
@@ -55,12 +125,15 @@ start)
 log_end_msg $?
 ;;
 stop)
+ # stop nslcd
 log_daemon_msg "Stopping $NSLCD_DESC" "nslcd"
 start-stop-daemon --stop --oknodo \
 --pidfile $NSLCD_PIDFILE \
 --name nslcd
 log_end_msg $?
 [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
+ # stop k5start
+ k5start_stop
 ;;
 restart|force-reload)
 [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
@@ -69,7 +142,10 @@ restart|force-reload)
 start-stop-daemon --stop --quiet --retry 10 \
 --pidfile $NSLCD_PIDFILE \
 --name nslcd
+ log_end_msg $?
 [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
+ k5start_stop
+ k5start_start
 start-stop-daemon --start \
 --pidfile $NSLCD_PIDFILE \
 --startas $NSLCD_BIN
@@ -90,6 +166,7 @@ status)
 log_success_msg "nslcd stopped"
 exit 3
 fi
+ k5start_status
 ;;
 *)
 log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}" |
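Review bot: In k5start_start every option value is expanded unquoted, so an empty K5START_USER or K5START_GROUP (an nslcd.conf without a uid or gid line) leaves `-o` followed directly by `-g`, which k5start would take as the owner, shifting the rest of the option list. The same happens to `-k` when /etc/default/nslcd forces K5START_START="yes" while krb5_ccname is absent. These values come from nslcd.conf and /etc/default/nslcd and are used by a script that runs as root to decide who owns the ticket cache, so they should be checked for emptiness and quoted before k5start is launched. The same quoting applies to the two `rm -f` lines in k5start_stop and to `$NSLCD_CFG` in the sed and grep calls at the top of the hunk.

```shell
k5start_start()
{
  if [ "$K5START_START" = "yes" ]
  then
    # an empty value would make the following option its argument
    if [ -z "$K5START_USER" ] || [ -z "$K5START_GROUP" ] || \
       [ -z "$K5START_CCFILE" ]
    then
      log_warning_msg "k5start not started: uid, gid or krb5_ccname is not set"
      return 0
    fi
    log_daemon_msg "Starting $K5START_DESC" "k5start"
    start-stop-daemon --start \
      --pidfile "$K5START_PIDFILE" \
      --exec "$K5START_BIN" -- \
      -b -p "$K5START_PIDFILE" \
      -o "$K5START_USER" \
      -g "$K5START_GROUP" \
      -m "$K5START_MODE" \
      -f "$K5START_KEYTAB" \
      -K "$K5START_CCREFRESH" \
      -u "$K5START_PRINCIPAL" \
      -k "$K5START_CCFILE"
    log_end_msg $?
  fi
}
```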
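Review bot: In the status) hunk, `k5start_status` is called after an `if` whose visible else-branch ends in `exit 3`, so a stopped nslcd never reports the k5start state. If the other branch, which starts outside the hunk, also exits, the call is never reached at all. Moving the `k5start_status` line above the nslcd check would report the ticket keeper in both cases while leaving the nslcd exit codes as they are.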