Репозиторий Sisyphus
Последнее обновление: 26 марта 2023 | Пакетов: 18292 | Посещений: 27175645
en ru br
Репозитории ALT
S:1.20.1-alt1
5.1: 1.6.3-alt10.M50P.1
4.1: 1.6.3-alt3.M41.4
4.0: 1.5.1-alt4.M40.5
+updates:1.5.1-alt4.M40.5
3.0: 1.4.1-alt1
www.altlinux.org/Changes

Группа :: Система/Библиотеки
Пакет: krb5

 Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

etc/000075500000000000000000000000001116641616600116375ustar00rootroot00000000000000etc/krb5.conf000064400000000000000000000011461116641616600133530ustar00rootroot00000000000000[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf

[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
etc/rc.d/000075500000000000000000000000001116641616600124655ustar00rootroot00000000000000etc/rc.d/init.d/000075500000000000000000000000001116641616600136525ustar00rootroot00000000000000etc/rc.d/init.d/kadmin000075500000000000000000000041261116641616600150460ustar00rootroot00000000000000#!/bin/bash
#
# kadmind Start and stop the Kerberos 5 administrative server.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the Kerberos 5 administrative \
# server, which should only be run on the master server for a \
# realm.
# processname: kadmind
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0


extract_keys()
{
action $"Extracting kadm5 Service Keys: " \
/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

start()
{
is_yes "$NETWORKING" || return 0

[ -f "$KDC_PATH/principal" ] || return 0
[ ! -f "$KDC_PATH/kpropd.acl" ] || return 0

[ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys

start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
RETVAL=$?
return $RETVAL
}

stop()
{
stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
RETVAL=$?
return $RETVAL
}

restart()
{
stop
start
}

reload()
{
msg_reloading kadmind
stop_daemon --expect-user root -HUP -- kadmind
RETVAL=$?
return $RETVAL
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
condstop)
if [ -e "$LOCKFILE" ]; then
stop
fi
;;
condrestart)
if [ -e "$LOCKFILE" ]; then
restart
fi
;;
condreload)
if [ -e "$LOCKFILE" ]; then
reload
fi
;;
status)
status --expect-user root -- kadmind
RETVAL=$?
;;
*)
msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/kdcrotate000075500000000000000000000020741116641616600155630ustar00rootroot00000000000000#!/bin/sh
#
# kdcrotate This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author: Based on SysV Init in RHS Linux by Damien Neil
# Written by Nalin Dahyabhai <nalin@redhat.com>
#
# chkconfig: 345 99 01
#
# description: Rotate the list of KDCs listed in /etc/krb5.conf
#

PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

action "Rotating KDC list" "awk ' /^[[:space:]]*kdc[[:space:]]*=/ { \\
if(length(firstkdc) == 0) { \\
firstkdc = \$0; \\
} else { \\
if(length(kdclist) > 0) { \\
kdclist = kdclist ORS; \\
} \\
kdclist = kdclist \$0; \\
} \\
next; \\
} \\
{ \\
if(length(kdclist) > 0) { \\
NEWCONFIG = NEWCONFIG kdclist ORS; \\
} \\
if(length(firstkdc) > 0) { \\
NEWCONFIG = NEWCONFIG firstkdc ORS; \\
} \\
firstkdc = \"\"; \\
kdclist = \"\"; \\
NEWCONFIG = NEWCONFIG \$0 ORS; \\
} \\
END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
etc/rc.d/init.d/kprop000075500000000000000000000034621116641616600147400ustar00rootroot00000000000000#!/bin/bash
#
# kpropd.init Start and stop the Kerberos 5 propagation client.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the service that allows this \
# KDC to receive updates from your master KDC.
# processname: kpropd
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Sheel functions to cut down on useless shell instances.
start()
{
is_yes "$NETWORKING" || return 0

[ -f "$KDC_PATH/kpropd.acl" ] || return 0

start_daemon --lockfile "$LOCKFILE" -- kpropd -S
RETVAL=$?
return $RETVAL
}

stop()
{
stop_daemon --lockfile "$LOCKFILE" -- kpropd
RETVAL=$?
return $RETVAL
}

restart()
{
stop
start
}

reload()
{
msg_reloading kpropd
stop_daemon --expect-user root -HUP -- kpropd
RETVAL=$?
return $RETVAL
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
condstop)
if [ -e "$LOCKFILE" ]; then
stop
fi
;;
condrestart)
if [ -e "$LOCKFILE" ]; then
restart
fi
;;
condreload)
if [ -e "$LOCKFILE" ]; then
reload
fi
;;
status)
status --expect-user root -- kpropd
RETVAL=$?
;;
*)
msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/krb5kdc000075500000000000000000000034511116641616600151300ustar00rootroot00000000000000#!/bin/bash
#
# krb5kdc Start and stop the Kerberos 5 servers.
#
# chkconfig: 345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
# This script starts and stops the server that Kerberos IV and 5 \
# clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0

start()
{
is_yes "$NETWORKING" || return 0

[ -f "$KDC_PATH/principal" ] || return 0

start_daemon --lockfile "$LOCKFILE" -- krb5kdc
RETVAL=$?
return $RETVAL
}

stop()
{
stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
RETVAL=$?
return $RETVAL
}

restart()
{
stop
start
}

reload()
{
msg_reloading krb5kdc
stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- krb5kdc
RETVAL=$?
return $RETVAL
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
condstop)
if [ -e "$LOCKFILE" ]; then
stop
fi
;;
condrestart)
if [ -e "$LOCKFILE" ]; then
restart
fi
;;
condreload)
if [ -e "$LOCKFILE" ]; then
reload
fi
;;
status)
status --pidfile "$PIDFILE" --expect-user root -- krb5kdc
RETVAL=$?
;;
*)
msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
RETVAL=1
esac

exit $RETVAL
etc/xinetd.d/000075500000000000000000000000001116641616600133545ustar00rootroot00000000000000etc/xinetd.d/eklogin000064400000000000000000000004721116641616600147320ustar00rootroot00000000000000# default: off
# description: The encrypting kerberized rlogin server accepts rlogin sessions \
# authenticated and encrypted with Kerberos 5.
service eklogin
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/klogind
server_args = -e -5
disable = yes
}
etc/xinetd.d/gssftp000064400000000000000000000005021116641616600146020ustar00rootroot00000000000000# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
service ftp
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/krb5-ftpd
server_args = -l -a
log_on_failure += USERID
disable = yes
}
etc/xinetd.d/klogin000064400000000000000000000004551116641616600145660ustar00rootroot00000000000000# default: off
# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \
# but uses Kerberos 5 authentication.
service klogin
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/klogind
server_args = -5
disable = yes
}
etc/xinetd.d/krb5-telnet000064400000000000000000000004771116641616600154430ustar00rootroot00000000000000# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
# but can also use Kerberos 5 authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/krb5-telnetd
log_on_failure += USERID
disable = yes
}
etc/xinetd.d/kshell000064400000000000000000000004531116641616600145630ustar00rootroot00000000000000# default: off
# description: The kerberized rshell server accepts rshell commands \
# authenticated and encrypted with Kerberos 5.
service kshell
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/kshd
server_args = -e -5
disable = yes
}
var/000075500000000000000000000000001116641616600116545ustar00rootroot00000000000000var/lib/000075500000000000000000000000001116641616600124225ustar00rootroot00000000000000var/lib/kerberos/000075500000000000000000000000001116641616600142365ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/000075500000000000000000000000001116641616600155635ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/kadm5.acl000064400000000000000000000000261116641616600172430ustar00rootroot00000000000000*/admin@EXAMPLE.COM *
var/lib/kerberos/krb5kdc/kdc.conf000064400000000000000000000005121116641616600171710ustar00rootroot00000000000000[kdcdefaults]
acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab

[realms]
EXAMPLE.COM = {
master_key_type = des-cbc-crc
supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
}
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin