./etc/rc.d/init.d/kdcrotate0000755000076400007640000000207410250620563013505 0ustar meme
#!/bin/sh
#
# kdcrotate This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author: Based on SysV Init in RHS Linux by Damien Neil
# Written by Nalin Dahyabhai
#
# chkconfig: 345 99 01
#
# description: Rotate the list of KDCs listed in /etc/krb5.conf
#

# Prepend /sbin; the rest of the search path is inherited from the caller, and
# awk below is resolved through it.
PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
	exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

# Rotate each run of consecutive "kdc =" lines by one position: awk keeps the
# first kdc line of a run in firstkdc and the following ones in kdclist, and the
# next non-kdc line flushes kdclist followed by firstkdc. The rewritten file is
# accumulated in NEWCONFIG and written over /etc/krb5.conf by the END rule.
# NOTE(review): END writes straight onto the file that was just read; there is
# no temporary file and rename, so a failed or interrupted write can leave
# /etc/krb5.conf truncated and break Kerberos logins on this host.
# NOTE(review): kdc lines that are the last lines of the file are never
# flushed, because only a following non-kdc line appends them to NEWCONFIG;
# such entries would be missing from the rewritten file.
# The program sits inside a double-quoted string handed to action(), hence the
# \$0, \" and \\ escapes; how that string is executed depends on action() in the
# sourced function library, which is not shown here.
action "Rotating KDC list" "awk '
/^[[:space:]]*kdc[[:space:]]*=/ { \\
	if(length(firstkdc) == 0) { \\
		firstkdc = \$0; \\
	} else { \\
		if(length(kdclist) > 0) { \\
			kdclist = kdclist ORS; \\
		} \\
		kdclist = kdclist \$0; \\
	} \\
	next; \\
} \\
{ \\
	if(length(kdclist) > 0) { \\
		NEWCONFIG = NEWCONFIG kdclist ORS; \\
	} \\
	if(length(firstkdc) > 0) { \\
		NEWCONFIG = NEWCONFIG firstkdc ORS; \\
	} \\
	firstkdc = \"\"; \\
	kdclist = \"\"; \\
	NEWCONFIG = NEWCONFIG \$0 ORS; \\
} \\
END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
./etc/rc.d/init.d/krb5kdc0000755000076400007640000000345110255233642013055 0ustar meme
#!/bin/bash
#
# krb5kdc Start and stop the Kerberos 5 servers.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the server that Kerberos IV and 5 \
# clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#

# NOTE(review): not read anywhere in this script; presumably consumed by the
# function library sourced below. Confirm.
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

# LOCKFILE is the subsys lock tested by the cond* actions below; KDC_PATH is the
# directory checked for the KDC database file "principal".
# NOTE(review): PIDFILE is used by reload() and by the status action but is not
# assigned anywhere in this script; unless the function library or the
# environment provides it, --pidfile receives an empty string. Confirm.
LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0

# Start krb5kdc. Returns 0 without starting anything when is_yes rejects
# $NETWORKING or when no $KDC_PATH/principal file exists, so a host without a
# KDC database reports success; otherwise returns start_daemon's status, which
# is also stored in RETVAL.
start() {
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/principal" ] || return 0
	start_daemon --lockfile "$LOCKFILE" -- krb5kdc
	RETVAL=$?
	return $RETVAL
}

# Stop krb5kdc through stop_daemon; its status is stored in RETVAL and returned.
stop() {
	stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
	RETVAL=$?
	return $RETVAL
}

# Stop, then start; the return status is that of start().
restart() {
	stop
	start
}

# Send HUP to krb5kdc through stop_daemon.
# NOTE(review): --expect-user root presumably limits the helper to processes
# owned by root; start() and stop() above do not pass it. Confirm the intent.
reload() {
	msg_reloading krb5kdc
	stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- krb5kdc
	RETVAL=$?
	return $RETVAL
}

# See how we were called.
# The cond* actions act only when $LOCKFILE exists (presumably created by
# start_daemon --lockfile, i.e. the service was started through this script).
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		status --pidfile "$PIDFILE" --expect-user root -- krb5kdc
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
./etc/rc.d/init.d/kadmin0000755000076400007640000000412610255233411012765 0ustar meme
#!/bin/bash
#
# kadmind Start and stop the Kerberos 5 administrative server.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the Kerberos 5 administrative \
# server, which should only be run on the master server for a \
# realm.
# processname: kadmind
#

# NOTE(review): not read anywhere in this script; presumably consumed by the
# function library sourced below. Confirm.
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Write the kadmin/admin and kadmin/changepw service keys to
# $KDC_PATH/kadm5.keytab by running "ktadd" through kadmin.local.
# The keytab holds long-term keys of the admin and password-change services;
# nothing here sets or checks its permissions, so verify that the file ends up
# readable by root only.
# NOTE(review): the "\ " sequences sit inside double quotes, so the backslashes
# reach action() literally; presumably action() re-parses its arguments. Confirm.
extract_keys() {
	action $"Extracting kadm5 Service Keys: " \
		/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

# Start kadmind. Returns 0 without starting anything when is_yes rejects
# $NETWORKING, when $KDC_PATH/principal is missing, or when $KDC_PATH/kpropd.acl
# exists (the header above says kadmind belongs on the master only; the ACL file
# presumably marks a KDC that receives propagated updates). If kadm5.keytab is
# missing it is created first via extract_keys. Otherwise returns start_daemon's
# status, also stored in RETVAL.
start() {
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/principal" ] || return 0
	[ ! -f "$KDC_PATH/kpropd.acl" ] || return 0
	[ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys
	start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
	RETVAL=$?
	return $RETVAL
}

# Stop kadmind through stop_daemon; its status is stored in RETVAL and returned.
stop() {
	stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
	RETVAL=$?
	return $RETVAL
}

# Stop, then start; the return status is that of start().
restart() {
	stop
	start
}

# Send HUP to kadmind through stop_daemon.
reload() {
	msg_reloading kadmind
	stop_daemon --expect-user root -HUP -- kadmind
	RETVAL=$?
	return $RETVAL
}

# See how we were called.
# The cond* actions act only when $LOCKFILE exists.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		status --expect-user root -- kadmind
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
./etc/rc.d/init.d/kprop0000755000076400007640000000346210255057307012667 0ustar meme
#!/bin/bash
#
# kpropd.init Start and stop the Kerberos 5 propagation client.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the service that allows this \
# KDC to receive updates from your master KDC.
# processname: kpropd
#

# NOTE(review): not read anywhere in this script; presumably consumed by the
# function library sourced below. Confirm.
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Shell functions to cut down on useless shell instances.

# Start kpropd with -S (standalone mode, see kpropd(8)). Returns 0 without
# starting anything when is_yes rejects $NETWORKING or when
# $KDC_PATH/kpropd.acl does not exist; otherwise returns start_daemon's status,
# also stored in RETVAL. kpropd.acl is the access list kpropd consults for
# incoming database propagation, so it should be writable by root only.
start() {
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/kpropd.acl" ] || return 0
	start_daemon --lockfile "$LOCKFILE" -- kpropd -S
	RETVAL=$?
	return $RETVAL
}

# Stop kpropd through stop_daemon; its status is stored in RETVAL and returned.
# NOTE(review): start() and stop() omit the --expect-user root that reload()
# and the status action pass. Confirm whether that is intended.
stop() {
	stop_daemon --lockfile "$LOCKFILE" -- kpropd
	RETVAL=$?
	return $RETVAL
}

# Stop, then start; the return status is that of start().
restart() {
	stop
	start
}

# Send HUP to kpropd through stop_daemon.
reload() {
	msg_reloading kpropd
	stop_daemon --expect-user root -HUP -- kpropd
	RETVAL=$?
	return $RETVAL
}

# See how we were called.
# The cond* actions act only when $LOCKFILE exists.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		status --expect-user root -- kpropd
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
./etc/xinetd.d/gssftp0000644000076400007640000000050210250620715012523 0ustar meme
# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.

# Review note: shipped disabled (disable = yes) and run as root. Before
# enabling, confirm in ftpd(8) that the -l and -a arguments give the logging
# and the Kerberos-only authentication you expect; a plain FTP login would
# send its password unencrypted.
service ftp
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = root
	server = /usr/sbin/krb5-ftpd
	server_args = -l -a
	log_on_failure += USERID
	disable = yes
}
./etc/xinetd.d/klogin0000644000076400007640000000045510250620715012507 0ustar meme
# default: off
# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \
# but uses Kerberos 5 authentication.

# Review note: server_args carries -5 only, without the -e that the eklogin
# service passes to the same klogind binary, so sessions here are
# Kerberos-authenticated but presumably not encrypted. Shipped disabled.
service klogin
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = root
	server = /usr/sbin/klogind
	server_args = -5
	disable = yes
}
./etc/xinetd.d/kshell0000644000076400007640000000045310250620715012504 0ustar meme
# default: off
# description: The kerberized rshell server accepts rshell commands \
# authenticated and encrypted with Kerberos 5.

# Review note: shipped disabled; kshd runs as root with -e -5, which per the
# description above means Kerberos 5 authentication with encryption.
service kshell
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = root
	server = /usr/sbin/kshd
	server_args = -e -5
	disable = yes
}
./etc/xinetd.d/krb5-telnet0000644000076400007640000000047710250620715013364 0ustar meme
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.

# Review note: per the description this server also accepts normal
# (non-Kerberos) telnet sessions, in which credentials cross the network in
# clear text. No server_args are set; see telnetd(8) for the options that
# require authentication before enabling. Shipped disabled.
service telnet
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = root
	server = /usr/sbin/krb5-telnetd
	log_on_failure += USERID
	disable = yes
}
./etc/xinetd.d/eklogin0000644000076400007640000000047210250620715012653 0ustar meme
# default: off
# description: The encrypting kerberized rlogin server accepts rlogin sessions \
# authenticated and encrypted with Kerberos 5.

# Review note: same klogind binary as the klogin service, here with -e -5.
# Shipped disabled and run as root.
service eklogin
{
	flags = REUSE
	socket_type = stream
	wait = no
	user = root
	server = /usr/sbin/klogind
	server_args = -e -5
	disable = yes
}