
nss-pam-ldapd commit: r1151 - in nss-pam-ldapd: . debian


nss-pam-ldapd commit: r1151 - in nss-pam-ldapd: . debian



Author: arthur
Date: Fri Jun 18 23:43:51 2010
New Revision: 1151
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1151

Log:
start k5start from the init script to keep the Kerberos ticket active if nslcd 
is configured for SASL GSSAPI kerberos authentication, based on a patch by 
Daniel Dehennin <daniel.dehennin@baby-gnu.org>

Added:
   nss-pam-ldapd/debian/nslcd.conffile
   nss-pam-ldapd/debian/nslcd.default
Modified:
   nss-pam-ldapd/AUTHORS
   nss-pam-ldapd/Makefile.am
   nss-pam-ldapd/debian/control
   nss-pam-ldapd/debian/nslcd.init

Modified: nss-pam-ldapd/AUTHORS
==============================================================================
--- nss-pam-ldapd/AUTHORS       Fri Jun 18 22:28:56 2010        (r1150)
+++ nss-pam-ldapd/AUTHORS       Fri Jun 18 23:43:51 2010        (r1151)
@@ -78,3 +78,4 @@
 Leigh Wedding <lwedding@bigpond.com>
 Jan Schampera <jan.schampera@web.de>
 Nalin Dahyabhai <nalin@redhat.com>
+Daniel Dehennin <daniel.dehennin@baby-gnu.org>

Modified: nss-pam-ldapd/Makefile.am
==============================================================================
--- nss-pam-ldapd/Makefile.am   Fri Jun 18 22:28:56 2010        (r1150)
+++ nss-pam-ldapd/Makefile.am   Fri Jun 18 23:43:51 2010        (r1151)
@@ -34,7 +34,9 @@
 DEBIAN_FILES = debian/changelog debian/compat debian/control \
                debian/copyright debian/rules debian/NEWS \
                debian/source/format \
+               debian/nslcd.conffile \
                debian/nslcd.config \
+               debian/nslcd.default \
                debian/nslcd.docs \
                debian/nslcd.examples \
                debian/nslcd.init \

Modified: nss-pam-ldapd/debian/control
==============================================================================
--- nss-pam-ldapd/debian/control        Fri Jun 18 22:28:56 2010        (r1150)
+++ nss-pam-ldapd/debian/control        Fri Jun 18 23:43:51 2010        (r1151)
@@ -13,6 +13,7 @@
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
 Recommends: nscd, libnss-ldapd, libpam-ldapd
+Suggests: kstart
 Conflicts: libnss-ldapd (<< 0.7.0)
 Description: Daemon for NSS and PAM lookups using LDAP
  This package provides a daemon for retrieving user account, and other

Added: nss-pam-ldapd/debian/nslcd.conffile
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ nss-pam-ldapd/debian/nslcd.conffile Fri Jun 18 23:43:51 2010        (r1151)
@@ -0,0 +1 @@
+nslcd.default /etc/default/nslcd

Added: nss-pam-ldapd/debian/nslcd.default
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ nss-pam-ldapd/debian/nslcd.default  Fri Jun 18 23:43:51 2010        (r1151)
@@ -0,0 +1,19 @@
+# Defaults for nslcd init script
+
+# Whether to start k5start (for obtaining and keeping a Kerberos ticket)
+# By default k5start is started if nslcd.conf has sasl_mech set to GSSAPI
+# and krb5_ccname is set to a file-type ticket cache.
+# Set to "yes" to force starting k5start, any other value will not start
+# k5start.
+#K5START_START="yes"
+
+# Options for k5start.
+#K5START_BIN=/usr/bin/k5start
+#K5START_PIDFILE=/var/run/nslcd/k5start_nslcd.pid
+#K5START_USER=nslcd
+#K5START_GROUP=nslcd
+#K5START_MODE=600
+#K5START_KEYTAB=/etc/krb5.keytab
+#K5START_CCREFRESH=60
+#K5START_PRINCIPAL="host/$(hostname -f)"
+#K5START_CCNAME=/var/run/nslcd/krb5cc_nslcd
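Review bot: The last commented setting, `#K5START_CCNAME=/var/run/nslcd/krb5cc_nslcd`, does not match the variable the init script reads: nslcd.init in this same commit sets and uses `K5START_CCFILE` (for `-k` and for the `rm -f` on stop). An administrator who uncomments it would change nothing, and k5start would keep writing the ticket cache to the path parsed from nslcd.conf. The line should read `#K5START_CCFILE=/var/run/nslcd/krb5cc_nslcd`. Since the init script sources this file as root, the header comment could also say that it must stay root-owned and not group- or world-writable.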

Modified: nss-pam-ldapd/debian/nslcd.init
==============================================================================
--- nss-pam-ldapd/debian/nslcd.init     Fri Jun 18 22:28:56 2010        (r1150)
+++ nss-pam-ldapd/debian/nslcd.init     Fri Jun 18 23:43:51 2010        (r1151)
@@ -44,10 +44,80 @@
 
 . /lib/lsb/init-functions
 
+# default options for k5start
+K5START_BIN=/usr/bin/k5start
+K5START_DESC="Keep alive Kerberos ticket"
+K5START_START=""
+K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
+K5START_USER=$(sed -n 's/^uid *\([^ ]*\) *$/\1/ip' $NSLCD_CFG)
+K5START_GROUP=$(sed -n 's/^gid *\([^ ]*\) *$/\1/ip' $NSLCD_CFG)
+K5START_MODE=600
+K5START_KEYTAB=/etc/krb5.keytab
+K5START_CCREFRESH=60
+K5START_PRINCIPAL="host/$(hostname -f)"
+K5START_CCFILE=$(sed -n 's/^krb5_ccname *\(FILE:\)\?\([^: ]*\) *$/\2/ip' 
$NSLCD_CFG)
+
+# check if we should use k5start by default (sasl_mech should be GSSAPI and
+# krb5_ccname should be found)
+if [ -x "$K5START_BIN" ] && \
+   grep -q '^sasl_mech *GSSAPI$' $NSLCD_CFG && \
+   [ -n "$K5START_CCFILE" ]
+then
+  K5START_START="yes"
+fi
+
+# read defaults
+[ -f /etc/default/nslcd ] && . /etc/default/nslcd
+
+k5start_start()
+{
+  if [ "$K5START_START" = "yes" ]
+  then
+    log_daemon_msg "Starting $K5START_DESC" "k5start"
+    start-stop-daemon --start \
+                      --pidfile $K5START_PIDFILE \
+                      --exec $K5START_BIN -- \
+                      -b -p $K5START_PIDFILE \
+                      -o $K5START_USER \
+                      -g $K5START_GROUP \
+                      -m $K5START_MODE \
+                      -f $K5START_KEYTAB \
+                      -K $K5START_CCREFRESH \
+                      -u $K5START_PRINCIPAL \
+                      -k $K5START_CCFILE
+    log_end_msg $?
+  fi
+}
+
+k5start_stop()
+{
+  if [ "$K5START_START" = "yes" ]
+  then
+    log_daemon_msg "Stopping $K5START_DESC" "k5start"
+    start-stop-daemon --stop --oknodo --pidfile $K5START_PIDFILE
+    log_end_msg $?
+    # remove any left behind files
+    [ -n "$K5START_PIDFILE" ] && rm -f $K5START_PIDFILE
+    [ -n "$K5START_CCFILE" ] && rm -f $K5START_CCFILE
+  fi
+}
+
+k5start_status()
+{
+  if [ "$K5START_START" = "yes" ]
+  then
+    status_of_proc -p "$K5START_PIDFILE" "$K5START_BIN" "k5start"
+  fi
+}
+
 case "$1" in
 start)
+  # set up state directory
   [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
                                 chown nslcd:nslcd "$NSLCD_STATEDIR" )
+  # start k5start if needed
+  k5start_start
+  # start nslcd
   log_daemon_msg "Starting $NSLCD_DESC" "nslcd"
   start-stop-daemon --start --oknodo \
                     --pidfile $NSLCD_PIDFILE \
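Review bot: In k5start_start the `-o $K5START_USER` and `-g $K5START_GROUP` arguments are unquoted and their values come from sed over nslcd.conf, so when the config has no `uid`/`gid` line they expand to nothing and k5start is handed `-o -g -m 600 …`, most likely taking the next flag as the owner. Emitting each option only when its value is set avoids that: `${K5START_USER:+-o "$K5START_USER"} \` and `${K5START_GROUP:+-g "$K5START_GROUP"} \`. The root-run cleanup in k5start_stop has the same quoting problem: `rm -f $K5START_CCFILE` takes a path parsed from nslcd.conf (or overridden in /etc/default/nslcd) and is subject to word splitting and globbing, so `rm -f -- "$K5START_CCFILE"` is safer. The detection `grep -q '^sasl_mech *GSSAPI$'` is also case-sensitive and rejects trailing blanks, unlike the sed expressions above it that use the `i` flag and ` *$`, so a config the sed lines accept can still fail auto-detection.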
@@ -55,12 +125,15 @@
   log_end_msg $?
   ;;
 stop)
+  # stop nslcd
   log_daemon_msg "Stopping $NSLCD_DESC" "nslcd"
   start-stop-daemon --stop --oknodo \
                     --pidfile $NSLCD_PIDFILE \
                     --name nslcd
   log_end_msg $?
   [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
+  # stop k5start
+  k5start_stop
   ;;
 restart|force-reload)
   [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
@@ -69,7 +142,10 @@
   start-stop-daemon --stop --quiet --retry 10 \
                     --pidfile $NSLCD_PIDFILE \
                     --name nslcd
+  log_end_msg $?
   [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
+  k5start_stop
+  k5start_start
   start-stop-daemon --start \
                     --pidfile $NSLCD_PIDFILE \
                     --startas $NSLCD_BIN
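Review bot: The added `log_end_msg $?` reports the status of a `start-stop-daemon --stop --quiet --retry 10` that, unlike the `stop)` arm, has no `--oknodo`, so restarting while nslcd is not running would log a failure before the daemon is started again. Either add `--oknodo` to that stop call or drop the intermediate `log_end_msg`. k5start_stop and k5start_start also print their own log_daemon_msg/log_end_msg pairs between the stop and start of nslcd, which probably interleaves with the restart message opened above the hunk. The `restart|force-reload)` arm begins and ends outside the visible lines, so this should be checked against the full file.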
@@ -90,6 +166,7 @@
     log_success_msg "nslcd stopped"
     exit 3
   fi
+  k5start_status
   ;;
 *)
   log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"