Allow the system to be configured to pass "-n" to kerberos and

kadmind or not; also, only run kadmind on a non-slave server. Man page for rc.conf is also updated. Reviewed by: Mark Murray
svn path=/head/; revision=31033
1997-11-07 20:45:48 +00:00 · 1997-11-07 20:45:48 +00:00 · 5a583f9c34 · 2020-12-20 02:59:44 +00:00
commit 5a583f9c34
parent 16d4f6d1c0
9 changed files with 116 additions and 30 deletions
--- a/etc/network.subr
+++ b/etc/network.subr
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.conf
+++ b/etc/rc.conf
@ -6,7 +6,7 @@
 #
 # All arguments must be in double or single quotes.
 #
-#	$Id: rc.conf,v 1.31 1997/10/18 10:11:04 jkh Exp $
+#	$Id: rc.conf,v 1.32 1997/10/31 01:58:53 jdp Exp $

 ##############################################################
 ### Important initial Boot-time options  #####################
@ -44,6 +44,9 @@ inetd_flags=""			# Optional flags to inetd.
 named_enable="NO"		# Run named, the DNS server (or NO).
 named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled).
 kerberos_server_enable="NO"	# Run a kerberos master server (or NO).
+kadmind_server_enable="NO"	# Run kadmind (or NO) -- do not run on
+				# a slave kerberos server
+kerberos_stash=""		# Is the kerberos master key stashed?
 rwhod_enable="NO"		# Run the rwho daemon (or NO).
 amd_enable="NO"			# Run amd service with $amd_flags (or NO).
 amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map"
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/etc/rc.network
+++ b/etc/rc.network
@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
+#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91

 # Note that almost all the user-configurable behavior is no longer in
@ -222,9 +222,18 @@ network_pass3() {

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
-	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
-	    echo -n ' kadmind'; \
-		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
+	    if [ "X${kerberos_stash}" = "XYES" ]; then
+		stash_flag=-n
+	    else
+		stash_flag=
+	    fi
+	    echo -n ' kerberos'; \
+		kerberos ${stash_flags} >> /var/log/kerberos.log &
+	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
+		echo -n ' kadmind'; \
+		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
+	    fi
+	    unset stash_flag
    fi
    
    # IP multicast routing daemon
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $Id: rc.conf.5,v 1.4 1997/10/20 08:37:59 danny Exp $
+.\"     $Id: rc.conf.5,v 1.5 1997/11/02 21:45:31 jdp Exp $
 .\"
 .Dd April 26, 1997
 .Dt RC.CONF 5
@ -204,6 +204,26 @@ these are the flags to pass to
 .Ar YES
 if you want to run a Kerberos authentication server
 at boot time.
+.It Ar kadmind_server_enable
+.Ar YES
+if you want to run
+.Xr kadmind 8
+the Kerberos Administration Daemon); set to
+.Ar NO
+on a slave server.
+.It Ar kerberos_stash
+(str)
+If
+.Ar YES ,
+instruct the Kerberos servers to use the stashed master key instead of
+prompting for it (only if
+.Ar kerberos_server_enable
+is set to
+.Ar YES ,
+and is used for both
+.Xr kerberos 1
+and
+.Xr kadmind 8 ).
 .It Ar rwhod_enable
 (bool) If set to
 .Ar YES ,