#!@l_prefix@/bin/openpkg rc
##
## rc.kerberos -- Run-Commands
##
%config
# Service switch; inherits the OpenPKG-wide default from $openpkg_rc_def.
kerberos_enable="$openpkg_rc_def"

# Daemons that %start walks through, in this order.
kerberos_daemons="krb5kdc kadmind kpropd"

# Extra command-line flags, appended unquoted to the respective program.
kerberos_flags_krb5kdc=""
kerberos_flags_kadmind=""
kerberos_flags_kpropd=""
kerberos_flags_kprop=""
kerberos_flags_kdb5_util_dump=""

# Space-separated hosts meant as kprop targets, and the periodic section
# (quarterly, hourly, daily or weekly) that triggers the propagation.
kerberos_propagate_hosts=""
kerberos_propagate_update="hourly"

# Log rotation settings handed to "shtool rotate" in %daily. The prolog
# and epilog strings are passed to shtool's -P/-E options from a section
# declared with "-u @l_susr@", so keep them under administrator control.
kerberos_log_prolog="true"
kerberos_log_epilog="true"
kerberos_log_numfiles="10"
kerberos_log_minsize="1M"
kerberos_log_complevel="9"
%common
# Fixed locations below the instance prefix (@l_prefix@ is substituted
# when the package is built).
kerberos_db_dir="@l_prefix@/var/kerberos/db"
kerberos_log_dir="@l_prefix@/var/kerberos/log"

# Base names (without ".log") of the log files rotated in %daily.
kerberos_log_names="krb5kdc kadmind kerberos"

# One PID file per daemon; written by %start, read by kerberos_signal,
# removed by %stop.
kerberos_pidfile_krb5kdc="@l_prefix@/var/kerberos/run/krb5kdc.pid"
kerberos_pidfile_kadmind="@l_prefix@/var/kerberos/run/kadmind.pid"
kerberos_pidfile_kpropd="@l_prefix@/var/kerberos/run/kpropd.pid"
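#######################################
# Send a signal to every Kerberos daemon that has a PID file.
# Globals:   kerberos_pidfile_krb5kdc, kerberos_pidfile_kadmind,
#            kerberos_pidfile_kpropd (read)
# Arguments: $1 - signal name or number without the leading dash
#                 (callers in this file pass 0 and TERM)
# Returns:   0 if at least one daemon could be signalled, else non-zero
#######################################
kerberos_signal () {
    local rc_kerberos_any=1
    local pidfile pid

    for pidfile in \
        "$kerberos_pidfile_krb5kdc" \
        "$kerberos_pidfile_kadmind" \
        "$kerberos_pidfile_kpropd"; do
        [ -f "$pidfile" ] || continue
        pid=`cat "$pidfile"`

        #   The PID file content goes straight to kill(1), and the calling
        #   sections are declared with "-u @l_susr@" (presumably the
        #   superuser). kill treats 0 and negative values as "process group"
        #   or "every process", so accept nothing but a positive decimal
        #   number; an empty or damaged PID file counts as "not running".
        case "$pid" in
            '' | *[!0-9]* ) continue ;;
        esac
        [ "$pid" -gt 0 ] || continue

        kill -"$1" "$pid" && rc_kerberos_any=0
    done
    return $rc_kerberos_any
}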
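#######################################
# Dump the KDC database and push the dump to every configured host.
# Globals:   kerberos_db_dir, kerberos_propagate_hosts,
#            kerberos_flags_kdb5_util_dump, kerberos_flags_kprop (read)
# Arguments: none
# Returns:   0 if the dump and every kprop run succeeded (or no hosts are
#            configured), non-zero otherwise. The periodic sections call
#            this as "kerberos_propagate || exit $?", which only works if
#            failures are reported here.
#######################################
kerberos_propagate () {
    local dumpfile="$kerberos_db_dir/kpropd.dump"
    local rc_kerberos_propagate=0
    local host

    #   Nothing to push to: do not write a database dump to disk at all.
    [ -n "$kerberos_propagate_hosts" ] || return 0

    #   The dump is a copy of the whole KDC database, so create it with an
    #   owner-only umask. The flag variables are left unquoted on purpose
    #   so that they can carry several options.
    ( umask 077
      @l_prefix@/sbin/kdb5_util dump \
          $kerberos_flags_kdb5_util_dump \
          "$dumpfile" )
    if [ $? -ne 0 ]; then
        #   never propagate a missing or partial dump
        rm -f "$dumpfile" || true
        return 1
    fi

    #   Iterate over the *value* of kerberos_propagate_hosts; without the
    #   "$" the loop ran once with the literal variable name as host.
    for host in $kerberos_propagate_hosts; do
        @l_prefix@/sbin/kprop \
            $kerberos_flags_kprop \
            -f "$dumpfile" \
            "$host" || rc_kerberos_propagate=1
    done

    #   Remove the dump again even if a host failed.
    rm -f "$dumpfile" || true
    return $rc_kerberos_propagate
}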
%status -u @l_susr@ -o
#   Report the service state as three shell-style assignments on stdout.
#   kerberos_usable is set once and never updated in this section, so it
#   is always reported as "no".
kerberos_usable="no"
kerberos_active="no"
if rcService kerberos enable yes; then
    #   signal 0 only probes the PID files, it delivers nothing
    if kerberos_signal 0; then
        kerberos_active="yes"
    fi
fi
echo "kerberos_enable=\"$kerberos_enable\""
echo "kerberos_usable=\"$kerberos_usable\""
echo "kerberos_active=\"$kerberos_active\""
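%start -u @l_susr@
#   Launch every daemon listed in kerberos_daemons and record its PID.
#   Does nothing if the service is disabled or already active. Names in
#   kerberos_daemons that match no case arm are skipped silently.
rcService kerberos enable yes || exit 0
rcService kerberos active yes && exit 0
for daemon in $kerberos_daemons; do
    case "$daemon" in
        krb5kdc )
            #   -n is passed so that $! is the PID written to the PID file
            nohup @l_prefix@/sbin/krb5kdc -n $kerberos_flags_krb5kdc &
            echo $! >"$kerberos_pidfile_krb5kdc"
            ;;
        kadmind )
            nohup @l_prefix@/sbin/kadmind -nofork $kerberos_flags_kadmind &
            echo $! >"$kerberos_pidfile_kadmind"
            ;;
        kpropd )
            #   kerberos_dump_file is not assigned in %config or %common
            #   of this file. Expanded empty, a bare "-f" would take the
            #   following "-p" as its file name, so pass -f only when the
            #   variable is actually set (for example from rc.conf).
            #   NOTE(review): confirm kpropd stays in the foreground with
            #   -S; if it detaches, $! below is not the daemon's PID and
            #   kerberos_signal would later act on a stale number.
            nohup @l_prefix@/sbin/kpropd \
                -S ${kerberos_dump_file:+-f "$kerberos_dump_file"} \
                -p @l_prefix@/sbin/kdb5_util \
                -a "$kerberos_db_dir/kpropd.acl" \
                $kerberos_flags_kpropd &
            echo $! >"$kerberos_pidfile_kpropd"
            ;;
    esac
done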
%stop -u @l_susr@
#   Send TERM to the running daemons and drop their PID files.
#   Does nothing if the service is disabled or not active.
if ! rcService kerberos enable yes; then
    exit 0
fi
if rcService kerberos active no; then
    exit 0
fi
kerberos_signal TERM
#   best effort: a PID file that is already gone is not an error
rm -f $kerberos_pidfile_krb5kdc \
    $kerberos_pidfile_kadmind \
    $kerberos_pidfile_kpropd 2>/dev/null || true
%restart -u @l_susr@
#   Stop and start the service through rc, with a two-second pause in
#   between. Does nothing if the service is disabled or not active.
if ! rcService kerberos enable yes; then
    exit 0
fi
if rcService kerberos active no; then
    exit 0
fi
rc kerberos stop
sleep 2
rc kerberos start
%quarterly -u @l_susr@
#   Propagate the database when kerberos_propagate_update is "quarterly".
if ! rcService kerberos enable yes; then
    exit 0
fi
case ".$kerberos_propagate_update" in
    .quarterly )
        kerberos_propagate || exit $?
        ;;
esac
%hourly -u @l_susr@
#   Propagate the database when kerberos_propagate_update is "hourly"
#   (the default set in %config).
if ! rcService kerberos enable yes; then
    exit 0
fi
case ".$kerberos_propagate_update" in
    .hourly )
        kerberos_propagate || exit $?
        ;;
esac
%daily -u @l_susr@
#   Daily job: optional database propagation, then log rotation.
if ! rcService kerberos enable yes; then
    exit 0
fi
case ".$kerberos_propagate_update" in
    .daily )
        kerberos_propagate || exit $?
        ;;
esac

#   Rotate each existing log file. The epilog writes to a temporary hint
#   file, so a non-empty hint file afterwards means at least one log was
#   actually rotated and the daemons are restarted.
#   NOTE(review): -m 664 creates the logs group-writable for
#   @l_rusr@:@l_rgrp@; confirm that members of that group are meant to be
#   able to modify KDC and kadmind logs.
rcTmp -i
hintfile=$(rcTmp -f -n hint)
for name in $kerberos_log_names; do
    [ -f $kerberos_log_dir/$name.log ] || continue
    shtool rotate -f \
        -n $kerberos_log_numfiles -s $kerberos_log_minsize -d \
        -z $kerberos_log_complevel -m 664 -o @l_rusr@ -g @l_rgrp@ \
        -P "$kerberos_log_prolog" \
        -E "$kerberos_log_epilog; echo 1 >$hintfile" \
        $kerberos_log_dir/$name.log
done
if [ -s $hintfile ]; then
    rc kerberos restart
fi
rcTmp -k
%weekly -u @l_susr@
#   Propagate the database when kerberos_propagate_update is "weekly".
if ! rcService kerberos enable yes; then
    exit 0
fi
case ".$kerberos_propagate_update" in
    .weekly )
        kerberos_propagate || exit $?
        ;;
esac