Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37409153
en ru br
Репозитории ALT
S:1.21.2-alt1
5.1: 1.6.3-alt10.M50P.1
4.1: 1.6.3-alt3.M41.4
4.0: 1.5.1-alt4.M40.5
+updates:1.5.1-alt4.M40.5
3.0: 1.4.1-alt1
www.altlinux.org/Changes

Группа :: Система/Библиотеки
Пакет: krb5

 Главная   Изменения   Спек   Патчи   Исходники   Загрузить   Gear   Bugs and FR  Repocop 

etc/000075500000000000000000000000001116641616600116375ustar00rootroot00000000000000etc/krb5.conf000064400000000000000000000011461116641616600133530ustar00rootroot00000000000000[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
 profile = /var/lib/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false
etc/rc.d/000075500000000000000000000000001116641616600124655ustar00rootroot00000000000000etc/rc.d/init.d/000075500000000000000000000000001116641616600136525ustar00rootroot00000000000000etc/rc.d/init.d/kadmin000075500000000000000000000041261116641616600150460ustar00rootroot00000000000000#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig:   345 35 65
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0


extract_keys()
{
    action $"Extracting kadm5 Service Keys: " \
	/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/principal" ] || return 0
    [ ! -f "$KDC_PATH/kpropd.acl" ] || return 0

    [ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys

    start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading kadmind
    stop_daemon --expect-user root -HUP -- kadmind
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --expect-user root -- kadmind
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/kdcrotate000075500000000000000000000020741116641616600155630ustar00rootroot00000000000000#!/bin/sh
#
# kdcrotate     This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author:       Based on SysV Init in RHS Linux by Damien Neil
#               Written by Nalin Dahyabhai <nalin@redhat.com>
#
# chkconfig:	345 99 01
#
# description:  Rotate the list of KDCs listed in /etc/krb5.conf
#

PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
	exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

action "Rotating KDC list" "awk '	/^[[:space:]]*kdc[[:space:]]*=/ { \\
		if(length(firstkdc) == 0) { \\
			firstkdc = \$0; \\
		} else { \\
			if(length(kdclist) > 0) { \\
				kdclist = kdclist ORS; \\
			} \\
			kdclist = kdclist \$0; \\
		} \\
		next; \\
	} \\
	{ \\
		if(length(kdclist) > 0) { \\
			NEWCONFIG = NEWCONFIG kdclist ORS; \\
		} \\
		if(length(firstkdc) > 0) { \\
			NEWCONFIG = NEWCONFIG firstkdc ORS; \\
		} \\
		firstkdc = \"\"; \\
		kdclist = \"\"; \\
		NEWCONFIG = NEWCONFIG \$0 ORS; \\
	} \\
	END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
etc/rc.d/init.d/kprop000075500000000000000000000034621116641616600147400ustar00rootroot00000000000000#!/bin/bash
#
# kpropd.init  Start and stop the Kerberos 5 propagation client.
#
# chkconfig:   345 35 65
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the service that allows this \
#              KDC to receive updates from your master KDC.
# processname: kpropd
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Sheel functions to cut down on useless shell instances.
start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/kpropd.acl" ] || return 0

    start_daemon --lockfile "$LOCKFILE" -- kpropd -S
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- kpropd
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading kpropd
    stop_daemon --expect-user root -HUP -- kpropd
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --expect-user root -- kpropd
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/krb5kdc000075500000000000000000000034511116641616600151300ustar00rootroot00000000000000#!/bin/bash
#
# krb5kdc      Start and stop the Kerberos 5 servers.
#
# chkconfig:   345 35 65
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the server that Kerberos IV and 5 \
#	       clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0

start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/principal" ] || return 0

    start_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading krb5kdc
    stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- krb5kdc
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --pidfile "$PIDFILE" --expect-user root -- krb5kdc
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
etc/xinetd.d/000075500000000000000000000000001116641616600133545ustar00rootroot00000000000000etc/xinetd.d/eklogin000064400000000000000000000004721116641616600147320ustar00rootroot00000000000000# default: off
# description: The encrypting kerberized rlogin server accepts rlogin sessions \
#              authenticated and encrypted with Kerberos 5.
service eklogin
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/klogind
	server_args	= -e -5
	disable		= yes
}
etc/xinetd.d/gssftp000064400000000000000000000005021116641616600146020ustar00rootroot00000000000000# default: off
# description: The kerberized FTP server accepts FTP connections \
#              that can be authenticated with Kerberos 5.
service ftp
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/krb5-ftpd
	server_args	= -l -a
	log_on_failure	+= USERID
	disable		= yes
}
etc/xinetd.d/klogin000064400000000000000000000004551116641616600145660ustar00rootroot00000000000000# default: off
# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \
#              but uses Kerberos 5 authentication.
service klogin
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/klogind
	server_args	= -5
	disable		= yes
}
etc/xinetd.d/krb5-telnet000064400000000000000000000004771116641616600154430ustar00rootroot00000000000000# default: off
# description: The kerberized telnet server accepts normal telnet sessions, \
#              but can also use Kerberos 5 authentication.
service telnet
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/krb5-telnetd
	log_on_failure	+= USERID
	disable		= yes
}
etc/xinetd.d/kshell000064400000000000000000000004531116641616600145630ustar00rootroot00000000000000# default: off
# description: The kerberized rshell server accepts rshell commands \
#              authenticated and encrypted with Kerberos 5.
service kshell
{
	flags		= REUSE
	socket_type	= stream        
	wait		= no
	user		= root
	server		= /usr/sbin/kshd
	server_args	= -e -5
	disable		= yes
}
var/000075500000000000000000000000001116641616600116545ustar00rootroot00000000000000var/lib/000075500000000000000000000000001116641616600124225ustar00rootroot00000000000000var/lib/kerberos/000075500000000000000000000000001116641616600142365ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/000075500000000000000000000000001116641616600155635ustar00rootroot00000000000000var/lib/kerberos/krb5kdc/kadm5.acl000064400000000000000000000000261116641616600172430ustar00rootroot00000000000000*/admin@EXAMPLE.COM	*
var/lib/kerberos/krb5kdc/kdc.conf000064400000000000000000000005121116641616600171710ustar00rootroot00000000000000[kdcdefaults]
 acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab

[realms]
 EXAMPLE.COM = {
  master_key_type = des-cbc-crc
  supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
 }
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin