
Don't use a MIT domain or realm in our default config, add a self written quickstart guide, correct path to keytab file, install documentation because this is a complex package, remove more version 4 crap, properly start the servers really writing pids this time, fix the daily section, and allow for disjointed logfile rotation. Also complete features for ticket #202. Whew.

Michael Schloh von Bennewitz vor 22 Jahren
Ursprung
Commit
7dc60c0999
5 geänderte Dateien mit 779 neuen und 43 gelöschten Zeilen
  1. 2 2
      kerberos/kdc.conf
  2. 11 2
      kerberos/kerberos.spec
  3. 8 26
      kerberos/krb5.conf
  4. 714 0
      kerberos/krb5quick.ps
  5. 44 13
      kerberos/rc.kerberos

+ 2 - 2
kerberos/kdc.conf

@@ -2,11 +2,11 @@
     kdc_ports = 750,88
 
 [realms]
-    ATHENA.MIT.EDU = {
+    EXAMPLE.OPENPKG.ORG = {
         database_name = @l_prefix@/var/kerberos/principal
         admin_keytab = FILE:@l_prefix@/var/kerberos/kadm5.keytab
         acl_file = @l_prefix@/var/kerberos/kadm5.acl
-        key_stash_file = @l_prefix@/var/kerberos/.k5.ATHENA.MIT.EDU
+        key_stash_file = @l_prefix@/var/kerberos/.k5.EXAMPLE.OPENPKG.ORG
         kdc_ports = 750,88
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s

+ 11 - 2
kerberos/kerberos.spec

@@ -33,7 +33,7 @@ Distribution: OpenPKG [PLUS]
 Group:        Cryptography
 License:      MIT
 Version:      1.2.8
-Release:      20030825
+Release:      20030826
 
 #   package options
 %option       with_fsl  yes
@@ -44,6 +44,7 @@ Source1:      rc.kerberos
 Source2:      fsl.kerberos
 Source3:      krb5.conf
 Source4:      kdc.conf
+Source5:      krb5quick.ps
 Patch0:       kerberos.patch
 
 #   build information
@@ -71,6 +72,7 @@ AutoReqProv:  no
     %patch -p1
     %{l_shtool} subst \
         -e 's;/etc/krb5.conf:@SYSCONFDIR/krb5.conf;@SYSCONFDIR/kerberos/krb5.conf;g' \
+        -e 's;FILE:/etc/krb5.keytab;FILE:@SYSCONFDIR/kerberos/krb5.keytab;g' \
         -e 's;@LOCALSTATEDIR/krb5kdc;@LOCALSTATEDIR/kerberos;g' \
         -e 's;DEFAULT_KDC_PROFILE\t"@LOCALSTATEDIR;DEFAULT_KDC_PROFILE "@SYSCONFDIR;g' \
         src/include/krb5/stock/osconf.h
@@ -101,8 +103,9 @@ AutoReqProv:  no
         $RPM_BUILD_ROOT%{l_prefix}/lib/kerberos \
         $RPM_BUILD_ROOT%{l_prefix}/libexec/kerberos \
         $RPM_BUILD_ROOT%{l_prefix}/var/kerberos/log \
-        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+        $RPM_BUILD_ROOT%{l_prefix}/share/kerberos/doc \
         $RPM_BUILD_ROOT%{l_prefix}/etc/kerberos \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
         $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
 
     #   include catalog compiler for libcomm
@@ -165,6 +168,12 @@ AutoReqProv:  no
         %{SOURCE fsl.kerberos} \
         $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
 
+    #   install documentation
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        doc/*.ps \
+        %{SOURCE krb5quick.ps} \
+        $RPM_BUILD_ROOT%{l_prefix}/share/kerberos/doc/
+
     #   determine installation files
     %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
         %{l_files_std} \

+ 8 - 26
kerberos/krb5.conf

@@ -4,37 +4,19 @@
     default = FILE:@l_prefix@/var/kerberos/log/krb5lib.log
 
 [libdefaults]
-    default_realm = ATHENA.MIT.EDU
+    default_realm = EXAMPLE.OPENPKG.ORG
     default_tgs_enctypes = des-cbc-crc
     default_tkt_enctypes = des-cbc-crc
 
 [realms]
-    ATHENA.MIT.EDU = {
-        kdc = KERBEROS-2.MIT.EDU:88
-        kdc = KERBEROS.MIT.EDU
-        kdc = KERBEROS-1.MIT.EDU
-        admin_server = KERBEROS.MIT.EDU
-        default_domain = MIT.EDU
-        v4_instance_convert = {
-            mit = mit.edu
-            lithium = lithium.lcs.mit.edu
-        }
-    }
-    CYGNUS.COM = {
-        kdc = KERBEROS.CYGNUS.COM
-        kdc = KERBEROS-1.CYGNUS.COM
-        admin_server = KERBEROS.MIT.EDU
-    }
-    GNU.ORG = {
-        kdc = kerberos.gnu.org
-        kdc = kerberos-2.gnu.org
-        admin_server = kerberos.gnu.org
+    EXAMPLE.OPENPKG.ORG = {
+        kdc = KMASTER.OPENPKG.ORG
+        kdc = KSLAVE.OPENPKG.ORG
+        admin_server = KMASTER.OPENPKG.ORG
+        default_domain = OPENPKG.ORG
     }
 
 [domain_realm]
-    .mit.edu = ATHENA.MIT.EDU
-    mit.edu = ATHENA.MIT.EDU
-    .media.mit.edu = MEDIA-LAB.MIT.EDU
-    media.mit.edu = MEDIA-LAB.MIT.EDU
-    .ucsc.edu = CATS.UCSC.EDU
+    .openpkg.org = EXAMPLE.OPENPKG.ORG
+    openpkg.org = EXAMPLE.OPENPKG.ORG
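Review bot: The new default configuration still pins `default_tgs_enctypes` and `default_tkt_enctypes` to `des-cbc-crc` (the context lines directly under the changed `default_realm`), so clients of a fresh install are restricted to single-DES session keys. Since this commit rewrites the file as the package's own default, I would drop both lines and let the library's built-in enctype list apply, or at least put a triple-DES type first, e.g. `default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc` and the same for `default_tgs_enctypes`. Separately, the example realm names `KMASTER.OPENPKG.ORG` and `KSLAVE.OPENPKG.ORG` as KDCs; if those names ever resolve, an unconfigured install would send its requests there, so a comment such as `# EXAMPLE ONLY: replace realm and KDC hosts before first use` above `[realms]` would help.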
 

+ 714 - 0
kerberos/krb5quick.ps

@@ -0,0 +1,714 @@
+%!PS-Adobe-3.0
+%%Title: krb5quick.txt
+%%For: Michael Schloh
+%%Creator: a2ps version 4.13
+%%CreationDate: Tue Aug 26 17:20:32 2003
+%%BoundingBox: 24 24 571 818
+%%DocumentData: Clean7Bit
+%%Orientation: Portrait
+%%Pages: 1
+%%PageOrder: Ascend
+%%DocumentMedia: A4 595 842 0 () ()
+%%DocumentNeededResources: font Courier
+%%+ font Courier-Bold
+%%+ font Courier-BoldOblique
+%%+ font Courier-Oblique
+%%+ font Helvetica
+%%+ font Helvetica-Bold
+%%+ font Symbol
+%%+ font Times-Bold
+%%+ font Times-Roman
+%%DocumentProcessColors: Black 
+%%DocumentSuppliedResources: procset a2ps-a2ps-hdr
+%%+ procset a2ps-black+white-Prolog
+%%+ encoding ISO-8859-1Encoding
+%%EndComments
+/a2psdict 200 dict def
+a2psdict begin
+%%BeginProlog
+%%Copyright: (c) 1988, 89, 90, 91, 92, 93 Miguel Santana
+%%Copyright: (c) 1995, 96, 97, 98 Akim Demaille, Miguel Santana
+% Check PostScript language level.
+/languagelevel where {
+  pop /gs_languagelevel languagelevel def
+} {
+  /gs_languagelevel 1 def
+} ifelse
+
+% EPSF import as in the Red Book
+/BeginInclude {
+  /b4_Inc_state save def    		% Save state for cleanup
+  /dict_count countdictstack def	% Count objects on dict stack
+  /op_count count 1 sub def		% Count objects on operand stack 
+  userdict begin
+    0 setgray 0 setlinecap
+    1 setlinewidth 0 setlinejoin
+    10 setmiterlimit [ ] 0 setdash newpath
+    gs_languagelevel 1 ne {
+      false setstrokeadjust false setoverprint 
+    } if
+} bind def
+
+/EndInclude {
+  count op_count sub { pos } repeat	% Clean up stacks
+  countdictstack dict_count sub { end } repeat
+  b4_Inc_state restore
+} bind def
+
+/BeginEPSF {
+  BeginInclude
+  /showpage { } def
+} bind def
+
+/EndEPSF {
+  EndInclude
+} bind def
+
+% Page prefeed
+/page_prefeed {         % bool -> -
+  statusdict /prefeed known {
+    statusdict exch /prefeed exch put
+  } {
+    pop
+  } ifelse
+} bind def
+
+/deffont {
+  findfont exch scalefont def
+} bind def
+
+/reencode_font {
+  findfont reencode 2 copy definefont pop def
+} bind def
+
+% Function c-show (str => -)
+% centers text only according to x axis.
+/c-show { 
+  dup stringwidth pop
+  2 div neg 0 rmoveto
+  show
+} bind def
+
+% Function l-show (str => -)
+% prints texts so that it ends at currentpoint
+/l-show {
+  dup stringwidth pop neg 
+  0 
+  rmoveto show
+} bind def
+
+% center-fit show (str w => -)
+% show centered, and scale currentfont so that the width is less than w
+/cfshow {
+  exch dup stringwidth pop
+  % If the title is too big, try to make it smaller
+  3 2 roll 2 copy
+  gt
+  { % if, i.e. too big
+    exch div
+    currentfont exch scalefont setfont
+  } { % ifelse
+    pop pop 
+  }
+  ifelse
+  c-show			% center title
+} bind def
+
+% Return the y size of the current font
+% - => fontsize
+/currentfontsize {
+  currentfont /FontMatrix get 3 get 1000 mul
+} bind def
+
+% reencode the font
+% <encoding-vector> <fontdict> -> <newfontdict>
+/reencode { %def
+  dup length 5 add dict begin
+    { %forall
+      1 index /FID ne 
+      { def }{ pop pop } ifelse
+    } forall
+    /Encoding exch def
+
+    % Use the font's bounding box to determine the ascent, descent,
+    % and overall height; don't forget that these values have to be
+    % transformed using the font's matrix.
+    % We use `load' because sometimes BBox is executable, sometimes not.
+    % Since we need 4 numbers an not an array avoid BBox from being executed
+    /FontBBox load aload pop
+    FontMatrix transform /Ascent exch def pop
+    FontMatrix transform /Descent exch def pop
+    /FontHeight Ascent Descent sub def
+
+    % Define these in case they're not in the FontInfo (also, here
+    % they're easier to get to.
+    /UnderlinePosition 1 def
+    /UnderlineThickness 1 def
+    
+    % Get the underline position and thickness if they're defined.
+    currentdict /FontInfo known {
+      FontInfo
+      
+      dup /UnderlinePosition known {
+	dup /UnderlinePosition get
+	0 exch FontMatrix transform exch pop
+	/UnderlinePosition exch def
+      } if
+      
+      dup /UnderlineThickness known {
+	/UnderlineThickness get
+	0 exch FontMatrix transform exch pop
+	/UnderlineThickness exch def
+      } if
+      
+    } if
+    currentdict 
+  end 
+} bind def
+
+% Function print line number (<string> # -)
+/# {
+  gsave
+    sx cw mul neg 2 div 0 rmoveto
+    f# setfont
+    c-show
+  grestore
+} bind def
+
+% -------- Some routines to enlight plain b/w printings ---------
+
+% Underline
+% width --
+/dounderline {
+  currentpoint
+  gsave
+    moveto
+    0 currentfont /Descent get currentfontsize mul rmoveto
+    0 rlineto
+    stroke
+  grestore
+} bind def
+
+% Underline a string
+% string --
+/dounderlinestring {
+  stringwidth pop
+  dounderline
+} bind def
+
+/UL {
+  /ul exch store
+} bind def
+
+% Draw a box of WIDTH wrt current font
+% width --
+/dobox {
+  currentpoint
+  gsave
+    newpath
+    moveto
+    0 currentfont /Descent get currentfontsize mul rmoveto
+    dup 0 rlineto
+    0 currentfont /FontHeight get currentfontsize mul rlineto
+    neg 0 rlineto
+    closepath
+    stroke
+  grestore
+} bind def
+
+/BX {
+  /bx exch store
+} bind def
+
+% Box a string
+% string --
+/doboxstring {
+  stringwidth pop
+  dobox
+} bind def
+
+%
+% ------------- Color routines ---------------
+%
+/FG /setrgbcolor load def
+
+% Draw the background
+% width --
+/dobackground {
+  currentpoint
+  gsave
+    newpath
+    moveto
+    0 currentfont /Descent get currentfontsize mul rmoveto
+    dup 0 rlineto
+    0 currentfont /FontHeight get currentfontsize mul rlineto
+    neg 0 rlineto
+    closepath
+    bgcolor aload pop setrgbcolor
+    fill
+  grestore
+} bind def
+
+% Draw bg for a string
+% string --
+/dobackgroundstring {
+  stringwidth pop
+  dobackground
+} bind def
+
+
+/BG {
+  dup /bg exch store
+  { mark 4 1 roll ] /bgcolor exch store } if
+} bind def
+
+
+/Show {
+  bg { dup dobackgroundstring } if
+  ul { dup dounderlinestring } if
+  bx { dup doboxstring } if
+  show
+} bind def
+
+% Function T(ab), jumps to the n-th tabulation in the current line
+/T {
+  cw mul x0 add
+  bg { dup currentpoint pop sub dobackground } if
+  ul { dup currentpoint pop sub dounderline } if
+  bx { dup currentpoint pop sub dobox } if
+  y0 moveto
+} bind def
+
+% Function n: move to the next line
+/n {
+  /y0 y0 bfs sub store
+  x0 y0 moveto
+} bind def
+
+% Function N: show and move to the next line
+/N {
+  Show
+  /y0 y0 bfs sub store
+  x0 y0 moveto
+} bind def
+
+/S {
+  Show
+} bind def
+
+%%BeginResource: procset a2ps-a2ps-hdr 2.0 2
+%%Copyright: (c) 1988, 89, 90, 91, 92, 93 Miguel Santana
+%%Copyright: (c) 1995, 96, 97, 98 Akim Demaille, Miguel Santana
+% Function title: prints page header.
+% <ct> <rt> <lt> are passed as argument
+/title { 
+  % 1. Draw the background
+  x v get y v get moveto
+  gsave
+    0 th 2 div neg rmoveto 
+    th setlinewidth
+    0.95 setgray
+    pw 0 rlineto stroke
+  grestore
+  % 2. Border it
+  gsave
+    0.7 setlinewidth
+    pw 0 rlineto
+    0 th neg rlineto
+    pw neg 0 rlineto
+    closepath stroke
+  grestore
+  % stk: ct rt lt
+  x v get y v get th sub 1 add moveto
+%%IncludeResource: font Helvetica
+  fHelvetica fnfs 0.8 mul scalefont setfont
+  % 3. The left title
+  gsave
+    dup stringwidth pop fnfs 0.8 mul add exch % leave space took on stack
+    fnfs 0.8 mul hm rmoveto
+    show			% left title
+  grestore
+  exch
+  % stk: ct ltw rt
+  % 4. the right title
+  gsave
+    dup stringwidth pop fnfs 0.8 mul add exch % leave space took on stack
+    dup
+    pw exch stringwidth pop fnfs 0.8 mul add sub
+    hm
+    rmoveto
+    show			% right title
+  grestore
+  % stk: ct ltw rtw
+  % 5. the center title
+  gsave
+    pw 3 1 roll
+    % stk: ct pw ltw rtw
+    3 copy 
+    % Move to the center of the left room
+    sub add 2 div hm rmoveto
+    % What is the available space in here?
+    add sub fnfs 0.8 mul sub fnfs 0.8 mul sub
+    % stk: ct space_left
+%%IncludeResource: font Helvetica-Bold
+  fHelvetica-Bold fnfs scalefont setfont
+    cfshow
+  grestore
+} bind def
+
+% Function border: prints virtual page border
+/border { %def
+  gsave				% print four sides
+    0 setgray
+    x v get y v get moveto
+    0.7 setlinewidth		% of the square
+    pw 0 rlineto
+    0 ph neg rlineto
+    pw neg 0 rlineto
+    closepath stroke
+  grestore
+} bind def
+
+% Function water: prints a water mark in background
+/water { %def
+  gsave
+    scx scy moveto rotate
+%%IncludeResource: font Times-Bold
+  fTimes-Bold 100 scalefont setfont
+    .97 setgray
+    dup stringwidth pop 2 div neg -50 rmoveto
+    show
+  grestore
+} bind def
+
+% Function rhead: prints the right header
+/rhead {  %def
+  lx ly moveto
+  fHelvetica fnfs 0.8 mul scalefont setfont
+  l-show
+} bind def
+
+% Function footer (cf rf lf -> -)
+/footer {
+  fHelvetica fnfs 0.8 mul scalefont setfont
+  dx dy moveto
+  show
+
+  snx sny moveto
+  l-show
+  
+  fnx fny moveto
+  c-show
+} bind def
+%%EndResource
+%%BeginResource: procset a2ps-black+white-Prolog 2.0 1
+
+% Function T(ab), jumps to the n-th tabulation in the current line
+/T { 
+  cw mul x0 add y0 moveto
+} bind def
+
+% Function n: move to the next line
+/n { %def
+  /y0 y0 bfs sub store
+  x0 y0 moveto
+} bind def
+
+% Function N: show and move to the next line
+/N {
+  Show
+  /y0 y0 bfs sub store
+  x0 y0 moveto
+}  bind def
+
+/S {
+  Show
+} bind def
+
+/p {
+  false UL
+  false BX
+  fCourier bfs scalefont setfont
+  Show
+} bind def
+
+/sy {
+  false UL
+  false BX
+  fSymbol bfs scalefont setfont
+  Show
+} bind def
+
+/k {
+  false UL
+  false BX
+  fCourier-Oblique bfs scalefont setfont
+  Show
+} bind def
+
+/K {
+  false UL
+  false BX
+  fCourier-Bold bfs scalefont setfont
+  Show
+} bind def
+
+/c {
+  false UL
+  false BX
+  fCourier-Oblique bfs scalefont setfont
+  Show
+} bind def
+
+/C {
+  false UL
+  false BX
+  fCourier-BoldOblique bfs scalefont setfont
+  Show 
+} bind def
+
+/l {
+  false UL
+  false BX
+  fHelvetica bfs scalefont setfont
+  Show
+} bind def
+
+/L {
+  false UL
+  false BX
+  fHelvetica-Bold bfs scalefont setfont
+  Show 
+} bind def
+
+/str{
+  false UL
+  false BX
+  fTimes-Roman bfs scalefont setfont
+  Show
+} bind def
+
+/e{
+  false UL
+  true BX
+  fHelvetica-Bold bfs scalefont setfont
+  Show
+} bind def
+
+%%EndResource
+%%EndProlog
+%%BeginSetup
+%%IncludeResource: font Courier
+%%IncludeResource: font Courier-Oblique
+%%IncludeResource: font Courier-Bold
+%%IncludeResource: font Times-Roman
+%%IncludeResource: font Symbol
+%%IncludeResource: font Courier-BoldOblique
+%%BeginResource: encoding ISO-8859-1Encoding
+/ISO-8859-1Encoding [
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright 
+/parenleft /parenright /asterisk /plus /comma /minus /period /slash 
+/zero /one /two /three /four /five /six /seven 
+/eight /nine /colon /semicolon /less /equal /greater /question 
+/at /A /B /C /D /E /F /G 
+/H /I /J /K /L /M /N /O 
+/P /Q /R /S /T /U /V /W 
+/X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore 
+/quoteleft /a /b /c /d /e /f /g 
+/h /i /j /k /l /m /n /o 
+/p /q /r /s /t /u /v /w 
+/x /y /z /braceleft /bar /braceright /asciitilde /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef 
+/space /exclamdown /cent /sterling /currency /yen /brokenbar /section 
+/dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron 
+/degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /bullet 
+/cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown 
+/Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla 
+/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis 
+/Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply 
+/Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls 
+/agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla 
+/egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis 
+/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide 
+/oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis 
+] def
+%%EndResource
+% Initialize page description variables.
+/sh 842 def
+/sw 595 def
+/llx 24 def
+/urx 571 def
+/ury 818 def
+/lly 24 def
+/#copies 1 def
+/th 0.000000 def
+/fnfs 11 def
+/bfs 10.000000 def
+/cw 6.000000 def
+
+% Dictionary for ISO-8859-1 support
+/iso1dict 8 dict begin
+  /fCourier ISO-8859-1Encoding /Courier reencode_font
+  /fCourier-Bold ISO-8859-1Encoding /Courier-Bold reencode_font
+  /fCourier-BoldOblique ISO-8859-1Encoding /Courier-BoldOblique reencode_font
+  /fCourier-Oblique ISO-8859-1Encoding /Courier-Oblique reencode_font
+  /fHelvetica ISO-8859-1Encoding /Helvetica reencode_font
+  /fHelvetica-Bold ISO-8859-1Encoding /Helvetica-Bold reencode_font
+  /fTimes-Bold ISO-8859-1Encoding /Times-Bold reencode_font
+  /fTimes-Roman ISO-8859-1Encoding /Times-Roman reencode_font
+currentdict end def
+/bgcolor [ 0 0 0 ] def
+/bg false def
+/ul false def
+/bx false def
+% The font for line numbering
+/f# /Helvetica findfont bfs .6 mul scalefont def
+/fSymbol /Symbol findfont def
+/hm fnfs 0.25 mul def
+/pw
+   cw 90.400000 mul
+def
+/ph
+   787.000000 th add
+def
+/pmw 0 def
+/pmh 0 def
+/v 0 def
+/x [
+  0
+] def
+/y [
+  pmh ph add 0 mul ph add
+] def
+/scx sw 2 div def
+/scy sh 2 div def
+/snx urx def
+/sny lly 2 add def
+/dx llx def
+/dy sny def
+/fnx scx def
+/fny dy def
+/lx snx def
+/ly ury fnfs 0.8 mul sub def
+/sx 0 def
+/tab 8 def
+/x0 0 def
+/y0 0 def
+%%EndSetup
+
+%
+% Quickstart Guide to the OpenPKG Kerberos Package
+%                     Michael Schloh von Bennewitz
+%                                   ms@openpkg.org
+%                                   26 August 2003
+%
+% To begin using Kerberos after installing the OpenPKG Kerberos package, a database, acl
+% file, administrative principal, and keytab file must exist. To create these, issue the
+% following commands.
+%
+% Remember that these Kerberos operations depend on how the Kerberos installation is
+% configured. To understand what will happen when issuing the commands, view the generic
+% OpenPKG Kerberos configuration files first.
+%
+% Files:
+%   @l_prefix@/etc/kerberos/krb5.conf
+%   @l_prefix@/etc/kerberos/kdc.conf
+%
+% Commands:
+%   @l_prefix@/libexec/kerberos/kdb5_util create -r EXAMPLE.OPENPKG.ORG -s
+%   aclfile=`grep 'acl_file = ' @l_prefix@/etc/kerberos/kdc.conf | \
+%       sed -e 's/.*acl_file = //'`
+%   echo '*/admin@EXAMPLE.OPENPKG.ORG     *' >$aclfile
+%   chmod 600 $aclfile
+%   @l_prefix@/libexec/kerberos/kadmin.local -q "addprinc admin/admin@EXAMPLE.OPENPKG.ORG"
+%   @l_prefix@/libexec/kerberos/kadmin.local -q \
+%       "ktadd -k @l_prefix@/var/kerberos/kadm5.keytab kadmin/admin kadmin/changepw"
+%   @l_prefix@/etc/rc kerberos start
+%   @l_prefix@/etc/rc kerberos stop
+%
+% Once finished, examine the log files placed in the following location if the fsl option
+% is used (as it is by default).
+%
+%   @l_prefix@/var/kerberos/log
+%
+% Ensure that the installation and configuration are both correct. Now add principals for
+% users, hosts, and services. Tweak the configuration, kerberize some client and server
+% software, and build yourself an authenicated network of hosts with Kerberos.
+%
+% Topics beyond this quickstart are explained in the packaged Kerberos documentation at
+% @l_prefix@/share/kerberos/. An additional source is a useful guide by V. Alex BRENNEN
+% at http://www.cryptnet.net/fdp/crypto/kerby-infra.html.
+%
+
+%%Page: (1) 1
+%%BeginPageSetup
+/pagesave save def
+%%EndPageSetup
+iso1dict begin
+gsave
+llx lly 0 add translate
+/v 0 store
+/x0 x v get 4.200000 add sx cw mul add store
+/y0 y v get bfs  sub store
+x0 y0 moveto
+() p n
+() N
+(                   Quickstart Guide to the OpenPKG Kerberos Package) N
+() N
+(                                       Michael Schloh von Bennewitz) N
+(                                                 michael@schloh.com) N
+(                                                     26 August 2003) N
+() N
+() N
+( To begin using Kerberos after installing the OpenPKG Kerberos package, a database, acl) N
+( file, administrative principal, and keytab file must exist. To create these, issue the) N
+( following commands.) N
+() N
+( Remember that these Kerberos operations depend on how the Kerberos installation is) N
+( configured. To understand what will happen when issuing the commands, view the generic) N
+( OpenPKG Kerberos configuration files first.) N
+() N
+( Files:) N
+(   @l_prefix@/etc/kerberos/krb5.conf) N
+(   @l_prefix@/etc/kerberos/kdc.conf) N
+() N
+( Commands:) N
+(   @l_prefix@/libexec/kerberos/kdb5_util create -r EXAMPLE.OPENPKG.ORG -s) N
+(   aclfile=`grep 'acl_file = ' @l_prefix@/etc/kerberos/kdc.conf | \\) N
+(       sed -e 's/.*acl_file = //'`) N
+(   echo '*/admin@EXAMPLE.OPENPKG.ORG     *' >$aclfile) N
+(   chmod 600 $aclfile) N
+(   @l_prefix@/libexec/kerberos/kadmin.local -q "addprinc admin/admin@EXAMPLE.OPENPKG.ORG") N
+(   @l_prefix@/libexec/kerberos/kadmin.local -q \\) N
+(       "ktadd -k @l_prefix@/var/kerberos/kadm5.keytab kadmin/admin kadmin/changepw") N
+(   @l_prefix@/etc/rc kerberos start) N
+(   @l_prefix@/etc/rc kerberos stop) N
+() N
+( Once finished, examine the log files placed in the following location if the fsl option) N
+( is used \(as it is by default\).) N
+() N
+(   @l_prefix@/var/kerberos/log) N
+() N
+( Ensure that the installation and configuration are both correct. Now add principals for) N
+( users, hosts, and services. Tweak the configuration, kerberize some client and server) N
+( software, and build yourself an authenicated network of hosts with Kerberos.) N
+() N
+( Topics beyond this quickstart are explained in the packaged Kerberos documentation at) N
+( @l_prefix@/share/kerberos/. An additional source is a useful guide by V. Alex BRENNEN) N
+( at http://www.cryptnet.net/fdp/crypto/kerby-infra.html.) N
+() N
+grestore
+end % of iso1dict
+pagesave restore
+showpage
+
+%%Trailer
+end
+%%EOF

+ 44 - 13
kerberos/rc.kerberos

@@ -5,11 +5,24 @@
 
 %config
     kerberos_enable="$openpkg_rc_def"
-    kerberos_log_prolog="true"
-    kerberos_log_epilog="true"
-    kerberos_log_numfiles="10"
-    kerberos_log_minsize="1M"
-    kerberos_log_complevel="9"
+    kerberos_kdc_log="@l_prefix@/var/kerberos/log/krb5kdc.log"
+    kerberos_kdc_prolog="true"
+    kerberos_kdc_epilog="true"
+    kerberos_kdc_numfiles="10"
+    kerberos_kdc_minsize="1M"
+    kerberos_kdc_complevel="9"
+    kerberos_admin_log="@l_prefix@/var/kerberos/log/kadmin.log"
+    kerberos_admin_prolog="true"
+    kerberos_admin_epilog="true"
+    kerberos_admin_numfiles="10"
+    kerberos_admin_minsize="1M"
+    kerberos_admin_complevel="9"
+    kerberos_def_log="@l_prefix@/var/kerberos/log/krb5lib.log"
+    kerberos_def_prolog="true"
+    kerberos_def_epilog="true"
+    kerberos_def_numfiles="10"
+    kerberos_def_minsize="1M"
+    kerberos_def_complevel="9"
 
 %common
     krb5kdc_pidfile="@l_prefix@/var/kerberos/krb5kdc.pid"
@@ -33,9 +46,9 @@
 %start -u @l_susr@
     rcService kerberos enable yes || exit 0
     rcService kerberos active yes && exit 0
-    @l_prefix@/libexec/kerberos/krb5kdc
+    @l_prefix@/libexec/kerberos/krb5kdc -n &
     echo $! >$krb5kdc_pidfile
-    @l_prefix@/libexec/kerberos/kadmind
+    @l_prefix@/libexec/kerberos/kadmind -nofork &
     echo $! >$kadmind_pidfile
 
 %stop -u @l_susr@
@@ -56,11 +69,29 @@
 %daily -u @l_susr@
     rcService kerberos enable yes || exit 0
 
-    #   rotate logfile
+    #   rotate logfiles
+    rcTmp -i
+    hintfile=`rcTmp -f -n hint`
     shtool rotate -f \
-        -n ${kerberos_log_numfiles} -s ${kerberos_log_minsize} -d \
-        -z ${kerberos_log_complevel} -o @l_rusr@ -g @l_rgrp@ -m 644 \
-        -P "${kerberos_log_prolog}" \
-        -E "${kerberos_log_epilog} && rc kerberos restart" \
-        @l_prefix@/var/kerberos/kerberos.log
+        -n ${kerberos_kdc_numfiles} -s ${kerberos_kdc_minsize} -d \
+        -z ${kerberos_kdc_complevel} -o @l_susr@ -g @l_mgrp@ -m 644 \
+        -P "${kerberos_kdc_prolog}" \
+        -E "${kerberos_kdc_epilog} && echo 1 >$hintfile" \
+        ${kerberos_kdc_log}
+    shtool rotate -f \
+        -n ${kerberos_admin_numfiles} -s ${kerberos_admin_minsize} -d \
+        -z ${kerberos_admin_complevel} -o @s_rusr@ -g @m_rgrp@ -m 644 \
+        -P "${kerberos_admin_prolog}" \
+        -E "${kerberos_admin_epilog} && echo 1 >$hintfile" \
+        ${kerberos_admin_log}
+    shtool rotate -f \
+        -n ${kerberos_def_numfiles} -s ${kerberos_def_minsize} -d \
+        -z ${kerberos_def_complevel} -o @l_susr@ -g @l_mgrp@ -m 644 \
+        -P "${kerberos_def_prolog}" \
+        -E "${kerberos_def_epilog} && echo 1 >$hintfile" \
+        ${kerberos_def_log}
+    if [ -s $hintfile ]; then
+        rc kerberos restart
+    fi
+    rcTmp -k
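Review bot: The second `shtool rotate` call passes `-o @s_rusr@ -g @m_rgrp@`, while the first and third use `-o @l_susr@ -g @l_mgrp@`; the two odd placeholders look like transposed letters and would presumably not be substituted at install time, leaving the kadmin log rotation with a literal owner and group. That line should read `-z ${kerberos_admin_complevel} -o @l_susr@ -g @l_mgrp@ -m 644 \`. All three calls also recreate the logs with `-m 644`; KDC and kadmind logs record principal names and client addresses, so `-m 640` is worth considering for the defaults. `$hintfile` is unquoted in the `-E` strings and in `[ -s $hintfile ]`; quoting it (`[ -s "$hintfile" ]`) is safer if the temporary path can ever contain whitespace.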