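etc/000075500000000000000000000000001152521633300116305ustar00rootroot00000000000000
etc/krb5.conf000064400000000000000000000001761152521633300133460ustar00rootroot00000000000000
# Client-side Kerberos defaults. This file carries no [realms] or
# [domain_realm] section, so realm and KDC discovery depend entirely on DNS.
[libdefaults]
# Both lookups trust whatever DNS returns. Where the realm is known, pinning it
# in [realms]/[domain_realm] removes the dependency on unauthenticated DNS.
dns_lookup_kdc = true
dns_lookup_realm = true
# Lifetimes are in seconds (36000 s = 10 h).
ticket_lifetime = 36000
renew_lifetime = 36000
# Tickets are requested as forwardable by default: any host a user forwards
# credentials to can act as that user until the ticket expires.
forwardable = true
etc/rc.d/000075500000000000000000000000001152521633300124565ustar00rootroot00000000000000
etc/rc.d/init.d/000075500000000000000000000000001152521633300136435ustar00rootroot00000000000000
etc/rc.d/init.d/kadmin000075500000000000000000000041241152521633300150350ustar00rootroot00000000000000
#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig: - 41 59
# description: Kerberos 5 is a trusted third-party authentication system.  \
#              This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Export the kadmin/admin and kadmin/changepw service keys into kadm5.keytab.
# NOTE(review): the keytab holds long-term service keys and nothing here sets
# its mode or owner; confirm it ends up readable by root only.
extract_keys()
{
    action $"Extracting kadm5 Service Keys: " \
        /usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

# Start kadmind. Silently does nothing when networking is off, when no
# principal database exists, or when kpropd.acl is present (presumably this
# marks a replica KDC; the header says kadmind belongs on the master only).
start()
{
    is_yes "$NETWORKING" || return 0
    [ -f "$KDC_PATH/principal" ] || return 0
    [ ! -f "$KDC_PATH/kpropd.acl" ] || return 0
    # First start on this host: create the admin keytab before the daemon runs.
    [ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys
    start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

# Stop kadmind and release the subsystem lock.
stop()
{
    stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

# Full stop/start cycle.
restart()
{
    stop
    start
}

# Send SIGHUP to the running kadmind owned by root.
reload()
{
    msg_reloading kadmind
    stop_daemon --expect-user root -HUP -- kadmind
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    condstop)
        if [ -e "$LOCKFILE" ]; then
            stop
        fi
        ;;
    condrestart)
        if [ -e "$LOCKFILE" ]; then
            restart
        fi
        ;;
    condreload)
        if [ -e "$LOCKFILE" ]; then
            reload
        fi
        ;;
    status)
        status --expect-user root -- kadmind
        RETVAL=$?
        ;;
    *)
        msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
        RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/kdcrotate000075500000000000000000000020741152521633300155540ustar00rootroot00000000000000
#!/bin/sh
#
# kdcrotate    This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author:      Based on SysV Init in RHS Linux by Damien Neil
#              Written by Nalin Dahyabhai
#
# chkconfig: 345 99 01
#
# description: Rotate the list of KDCs listed in /etc/krb5.conf
#

PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
    exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

# The awk program buffers the whole file in NEWCONFIG, moving the first "kdc ="
# line of each consecutive run to the end of that run, then overwrites
# /etc/krb5.conf from the END rule.
# NOTE(review): the rewrite is in place and not atomic. The output file is
# truncated when END runs, so an interrupted or failed write leaves a damaged
# client configuration; writing to a temporary file in /etc and renaming it
# over the original would avoid that.
# NOTE(review): a run of "kdc =" lines that reaches end of file is never
# flushed into NEWCONFIG (only a following non-kdc line flushes it), so those
# lines would be dropped from the rewritten file.
action "Rotating KDC list" "awk '
/^[[:space:]]*kdc[[:space:]]*=/ { \\
    if(length(firstkdc) == 0) { \\
        firstkdc = \$0; \\
    } else { \\
        if(length(kdclist) > 0) { \\
            kdclist = kdclist ORS; \\
        } \\
        kdclist = kdclist \$0; \\
    } \\
    next; \\
} \\
{ \\
    if(length(kdclist) > 0) { \\
        NEWCONFIG = NEWCONFIG kdclist ORS; \\
    } \\
    if(length(firstkdc) > 0) { \\
        NEWCONFIG = NEWCONFIG firstkdc ORS; \\
    } \\
    firstkdc = \"\"; \\
    kdclist = \"\"; \\
    NEWCONFIG = NEWCONFIG \$0 ORS; \\
} \\
END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
etc/rc.d/init.d/kprop000075500000000000000000000034601152521633300147270ustar00rootroot00000000000000
#!/bin/bash
#
# kpropd.init  Start and stop the Kerberos 5 propagation client.
#
# chkconfig: - 41 59
# description: Kerberos 5 is a trusted third-party authentication system.  \
#              This script starts and stops the service that allows this \
#              KDC to receive updates from your master KDC.
# processname: kpropd
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Shell functions to cut down on useless shell instances.

# Start kpropd in standalone mode (-S). Does nothing when networking is off or
# when kpropd.acl is absent, i.e. when this host is not set up to receive
# database propagation.
# NOTE(review): unlike the kadmin script, start/stop here do not pass
# --expect-user root; confirm that is intentional.
start()
{
    is_yes "$NETWORKING" || return 0
    [ -f "$KDC_PATH/kpropd.acl" ] || return 0
    start_daemon --lockfile "$LOCKFILE" -- kpropd -S
    RETVAL=$?
    return $RETVAL
}

# Stop kpropd and release the subsystem lock.
stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- kpropd
    RETVAL=$?
    return $RETVAL
}

# Full stop/start cycle.
restart()
{
    stop
    start
}

# Send SIGHUP to the running kpropd owned by root.
reload()
{
    msg_reloading kpropd
    stop_daemon --expect-user root -HUP -- kpropd
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    condstop)
        if [ -e "$LOCKFILE" ]; then
            stop
        fi
        ;;
    condrestart)
        if [ -e "$LOCKFILE" ]; then
            restart
        fi
        ;;
    condreload)
        if [ -e "$LOCKFILE" ]; then
            reload
        fi
        ;;
    status)
        status --expect-user root -- kpropd
        RETVAL=$?
        ;;
    *)
        msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
        RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/krb5kdc000075500000000000000000000034511152521633300151210ustar00rootroot00000000000000
#!/bin/bash
#
# krb5kdc      Start and stop the Kerberos 5 servers.
#
# chkconfig: 345 40 60
# description: Kerberos 5 is a trusted third-party authentication system.  \
#              This script starts and stops the server that Kerberos IV and 5 \
#              clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0

# Start the KDC. Does nothing when networking is off or when no principal
# database has been created yet.
start()
{
    is_yes "$NETWORKING" || return 0
    [ -f "$KDC_PATH/principal" ] || return 0
    start_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

# Stop the KDC and release the subsystem lock.
stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

# Full stop/start cycle.
restart()
{
    stop
    start
}

# Send SIGHUP to the running krb5kdc owned by root.
# PIDFILE is never assigned in this script, so the former
# `--pidfile "$PIDFILE"` handed the helper an empty path. The process is now
# located by name, as the kadmin and kprop scripts do.
reload()
{
    msg_reloading krb5kdc
    stop_daemon --expect-user root -HUP -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    condstop)
        if [ -e "$LOCKFILE" ]; then
            stop
        fi
        ;;
    condrestart)
        if [ -e "$LOCKFILE" ]; then
            restart
        fi
        ;;
    condreload)
        if [ -e "$LOCKFILE" ]; then
            reload
        fi
        ;;
    status)
        # Same reason as reload(): no pid file is defined for this service.
        status --expect-user root -- krb5kdc
        RETVAL=$?
        ;;
    *)
        msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
        RETVAL=1
esac

exit $RETVAL
etc/xinetd.d/000075500000000000000000000000001152521633300133455ustar00rootroot00000000000000
etc/xinetd.d/eklogin000064400000000000000000000004721152521633300147230ustar00rootroot00000000000000
# default: off
# description: The encrypting kerberized rlogin server accepts rlogin sessions \
#              authenticated and encrypted with Kerberos 5.
# Shipped disabled; the server runs as root when enabled.
service eklogin
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/klogind
    server_args = -e -5
    disable = yes
}
etc/xinetd.d/gssftp000064400000000000000000000005021152521633300145730ustar00rootroot00000000000000
# default: off
# description: The kerberized FTP server accepts FTP connections \
#              that can be authenticated with Kerberos 5.
# Shipped disabled; the server runs as root when enabled.
# NOTE(review): the description says connections "can be" authenticated;
# confirm against the installed ftpd man page that "-a" refuses sessions
# without Kerberos authentication before enabling this.
service ftp
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/krb5-ftpd
    server_args = -l -a
    log_on_failure += USERID
    disable = yes
}
etc/xinetd.d/klogin000064400000000000000000000004551152521633300145570ustar00rootroot00000000000000
# default: off
# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \
#              but uses Kerberos 5 authentication.
# Shipped disabled; the server runs as root when enabled.
# Unlike eklogin there is no "-e" here: the login is authenticated with
# Kerberos 5 but the session itself is not encrypted. Prefer eklogin (or SSH)
# when a remote login service is needed.
service klogin
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/klogind
    server_args = -5
    disable = yes
}
etc/xinetd.d/krb5-telnet000064400000000000000000000004771152521633300154340ustar00rootroot00000000000000
# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
# Shipped disabled; the server runs as root when enabled.
# With no server_args, plain telnet logins are accepted alongside Kerberos
# ones, so passwords can cross the network in cleartext. If this is ever
# enabled, require Kerberos authentication (MIT telnetd's "-a valid" mode;
# confirm against the installed man page).
service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/krb5-telnetd
    log_on_failure += USERID
    disable = yes
}
etc/xinetd.d/kshell000064400000000000000000000004531152521633300145540ustar00rootroot00000000000000
# default: off
# description: The kerberized rshell server accepts rshell commands \
#              authenticated and encrypted with Kerberos 5.
# Shipped disabled; the server runs as root when enabled.
service kshell
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/kshd
    server_args = -e -5
    disable = yes
}
var/000075500000000000000000000000001152521633300116455ustar00rootroot00000000000000
var/lib/000075500000000000000000000000001152521633300124135ustar00rootroot00000000000000
var/lib/kerberos/000075500000000000000000000000001152521633300142275ustar00rootroot00000000000000
var/lib/kerberos/krb5kdc/000075500000000000000000000000001152521633300155545ustar00rootroot00000000000000
var/lib/kerberos/krb5kdc/kadm5.acl000064400000000000000000000000261152521633300172340ustar00rootroot00000000000000
# Every principal with an "admin" instance in EXAMPLE.COM receives all kadmin
# privileges ("*"). EXAMPLE.COM is a placeholder realm; when replacing it,
# consider listing the individual admin principals and only the permissions
# each one needs instead of the wildcard.
*/admin@EXAMPLE.COM *
var/lib/kerberos/krb5kdc/kdc.conf000064400000000000000000000005121152521633300171620ustar00rootroot00000000000000
# KDC-side defaults. dict_file is the word list kadmind uses for password
# quality checks on principals that have a policy attached.
[kdcdefaults]
 acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab

# NOTE(review): master_key_type is single DES, and the master key protects
# every key in the principal database. supported_enctypes also offers single
# DES and RC4 for new principal keys. For a new realm, choose AES types (for
# example aes256-cts-hmac-sha1-96:normal) if the installed krb5 supports them.
# The values are left as shipped because master_key_type must match the
# database and stash file of an existing realm.
[realms]
 EXAMPLE.COM = {
  master_key_type = des-cbc-crc
  supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
 }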