Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37412609
en ru br
Репозитории ALT
S:1.21.2-alt1
5.1: 1.6.3-alt10.M50P.1
4.1: 1.6.3-alt3.M41.4
4.0: 1.5.1-alt4.M40.5
+updates:1.5.1-alt4.M40.5
3.0: 1.4.1-alt1
www.altlinux.org/Changes

Группа :: Система/Библиотеки
Пакет: krb5

 Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

etc/000075500000000000000000000000001152521633300116305ustar00rootroot00000000000000etc/krb5.conf000064400000000000000000000001761152521633300133460ustar00rootroot00000000000000[libdefaults]
dns_lookup_kdc = true
dns_lookup_realm = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
etc/rc.d/000075500000000000000000000000001152521633300124565ustar00rootroot00000000000000etc/rc.d/init.d/000075500000000000000000000000001152521633300136435ustar00rootroot00000000000000etc/rc.d/init.d/kadmin000075500000000000000000000041241152521633300150350ustar00rootroot00000000000000#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig:   - 41 59
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0


extract_keys()
{
    action $"Extracting kadm5 Service Keys: " \
	/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/principal" ] || return 0
    [ ! -f "$KDC_PATH/kpropd.acl" ] || return 0

    [ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys

    start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading kadmind
    stop_daemon --expect-user root -HUP -- kadmind
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --expect-user root -- kadmind
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/kdcrotate000075500000000000000000000020741152521633300155540ustar00rootroot00000000000000#!/bin/sh
#
# kdcrotate     This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author:       Based on SysV Init in RHS Linux by Damien Neil
#               Written by Nalin Dahyabhai <nalin@redhat.com>
#
# chkconfig:	345 99 01
#
# description:  Rotate the list of KDCs listed in /etc/krb5.conf
#

PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
	exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

action "Rotating KDC list" "awk '	/^[[:space:]]*kdc[[:space:]]*=/ { \\
		if(length(firstkdc) == 0) { \\
			firstkdc = \$0; \\
		} else { \\
			if(length(kdclist) > 0) { \\
				kdclist = kdclist ORS; \\
			} \\
			kdclist = kdclist \$0; \\
		} \\
		next; \\
	} \\
	{ \\
		if(length(kdclist) > 0) { \\
			NEWCONFIG = NEWCONFIG kdclist ORS; \\
		} \\
		if(length(firstkdc) > 0) { \\
			NEWCONFIG = NEWCONFIG firstkdc ORS; \\
		} \\
		firstkdc = \"\"; \\
		kdclist = \"\"; \\
		NEWCONFIG = NEWCONFIG \$0 ORS; \\
	} \\
	END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
etc/rc.d/init.d/kprop000075500000000000000000000034601152521633300147270ustar00rootroot00000000000000#!/bin/bash
#
# kpropd.init  Start and stop the Kerberos 5 propagation client.
#
# chkconfig:   - 41 59
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the service that allows this \
#              KDC to receive updates from your master KDC.
# processname: kpropd
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Sheel functions to cut down on useless shell instances.
start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/kpropd.acl" ] || return 0

    start_daemon --lockfile "$LOCKFILE" -- kpropd -S
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- kpropd
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading kpropd
    stop_daemon --expect-user root -HUP -- kpropd
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --expect-user root -- kpropd
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/krb5kdc000075500000000000000000000034511152521633300151210ustar00rootroot00000000000000#!/bin/bash
#
# krb5kdc      Start and stop the Kerberos 5 servers.
#
# chkconfig:   345 40 60
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the server that Kerberos IV and 5 \
#	       clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0

start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/principal" ] || return 0

    start_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading krb5kdc
    stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --pidfile "$PIDFILE" --expect-user root -- krb5kdc
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/xinetd.d/000075500000000000000000000000001152521633300133455ustar00rootroot00000000000000etc/xinetd.d/eklogin000064400000000000000000000004721152521633300147230ustar00rootroot00000000000000# default: off
# description: The encrypting kerberized rlogin server accepts rlogin sessions \
#              authenticated and encrypted with Kerberos 5.
service eklogin
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/klogind
	server_args	= -e -5
	disable		= yes
}
etc/xinetd.d/gssftp000064400000000000000000000005021152521633300145730ustar00rootroot00000000000000# default: off
# description: The kerberized FTP server accepts FTP connections \
#              that can be authenticated with Kerberos 5.
service ftp
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/krb5-ftpd
	server_args	= -l -a
	log_on_failure	+= USERID
	disable		= yes
}
etc/xinetd.d/klogin000064400000000000000000000004551152521633300145570ustar00rootroot00000000000000# default: off
# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \
#              but uses Kerberos 5 authentication.
service klogin
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/klogind
	server_args	= -5
	disable		= yes
}
etc/xinetd.d/krb5-telnet000064400000000000000000000004771152521633300154340ustar00rootroot00000000000000# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/krb5-telnetd
	log_on_failure	+= USERID
	disable		= yes
}
etc/xinetd.d/kshell000064400000000000000000000004531152521633300145540ustar00rootroot00000000000000# default: off
# description: The kerberized rshell server accepts rshell commands \
#              authenticated and encrypted with Kerberos 5.
service kshell
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/kshd
	server_args	= -e -5
	disable		= yes
}
var/000075500000000000000000000000001152521633300116455ustar00rootroot00000000000000var/lib/000075500000000000000000000000001152521633300124135ustar00rootroot00000000000000var/lib/kerberos/000075500000000000000000000000001152521633300142275ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/000075500000000000000000000000001152521633300155545ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/kadm5.acl000064400000000000000000000000261152521633300172340ustar00rootroot00000000000000*/admin@EXAMPLE.COM	*
var/lib/kerberos/krb5kdc/kdc.conf000064400000000000000000000005121152521633300171620ustar00rootroot00000000000000[kdcdefaults]
 acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab

[realms]
 EXAMPLE.COM = {
  master_key_type = des-cbc-crc
  supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
 }
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin