rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- use portreserve to make sure the KDC can always bind to the kerberos-iv

Browse Source 
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
This commit is contained in:
Nalin Dahyabhai 2010-01-14 21:14:26 +00:00
parent 60b2cbeb09
commit 2baf72c02f
5 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kadmind.init
View File

@ -15,6 +15,7 @@
# Provides: kadmin # Provides: kadmin
# Required-Start: $local_fs $network # Required-Start: $local_fs $network
# Required-Stop: $local_fs $network # Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start: # Default-Start:
# Default-Stop: 0 1 2 3 4 5 6 # Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 admin server # Short-Description: start and stop the Kerberos 5 admin server
@ -53,6 +54,8 @@ start() {
[ -x $kadmind ] || exit 5 [ -x $kadmind ] || exit 5
fi fi
echo -n $"Starting $prog: " echo -n $"Starting $prog: "
# tell portreserve to release the kerberos-adm port
[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || :
daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS
RETVAL=$? RETVAL=$?
echo echo

3
kpropd.init
View File

@ -13,6 +13,7 @@
# Provides: kprop # Provides: kprop
# Required-Start: $local_fs $network # Required-Start: $local_fs $network
# Required-Stop: $local_fs $network # Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start: # Default-Start:
# Default-Stop: 0 1 2 3 4 5 6 # Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 propagation client # Short-Description: start and stop the Kerberos 5 propagation client
@ -35,6 +36,8 @@ start() {
[ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6 [ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
[ -x $kpropd ] || exit 5 [ -x $kpropd ] || exit 5
echo -n $"Starting $prog: " echo -n $"Starting $prog: "
# tell portreserve to release the krb5_prop port
[ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :
daemon ${kpropd} -S daemon ${kpropd} -S
RETVAL=$? RETVAL=$?
echo echo

3
krb5.portreserve Normal file
View File

@ -0,0 +1,3 @@
kerberos-adm/tcp
kerberos-iv
krb5_prop/tcp

16
krb5.spec
View File

@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.7 Version: 1.7
Release: 18%{?dist} Release: 19%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -42,6 +42,7 @@ Source26: gssftp.pamd
Source27: kshell.pamd Source27: kshell.pamd
Source28: ekshell.pamd Source28: ekshell.pamd
Source29: ksu.pamd Source29: ksu.pamd
Source30: krb5.portreserve
Patch3: krb5-1.3-netkit-rsh.patch Patch3: krb5-1.3-netkit-rsh.patch
Patch4: krb5-1.3-rlogind-environ.patch Patch4: krb5-1.3-rlogind-environ.patch
@ -145,6 +146,8 @@ Requires(preun): /sbin/install-info, chkconfig, initscripts
Requires(postun): initscripts Requires(postun): initscripts
# mktemp is used by krb5-send-pr # mktemp is used by krb5-send-pr
Requires: mktemp Requires: mktemp
# portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
Requires: portreserve
%description server %description server
Kerberos is a network authentication system. The krb5-server package Kerberos is a network authentication system. The krb5-server package
@ -219,6 +222,12 @@ to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%changelog %changelog
* Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-19
- use portreserve to make sure the KDC can always bind to the kerberos-iv
port, kpropd can always bind to the krb5_prop port, and that kadmind can
always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
* Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-18 * Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-18
- add upstream patch for integer underflow during AES and RC4 decryption - add upstream patch for integer underflow during AES and RC4 decryption
(CVE-2009-4212), via Tom Yu (#545015) (CVE-2009-4212), via Tom Yu (#545015)
@ -302,7 +311,7 @@ certificate.
* Mon Jul 6 2009 Nalin Dahyabhai <nalin@redhat.com> * Mon Jul 6 2009 Nalin Dahyabhai <nalin@redhat.com>
- simplify the man pages patch by only preprocessing the files we care about - simplify the man pages patch by only preprocessing the files we care about
and moving shared configure.in logic into a shared function and moving shared configure.in logic into a shared function
- catch the case of ftpd printing file sizes using %i, when they might be - catch the case of ftpd printing file sizes using %%i, when they might be
bigger than an int now bigger than an int now
* Tue Jun 30 2009 Nalin Dahyabhai <nalin@redhat.com> 1.7-4 * Tue Jun 30 2009 Nalin Dahyabhai <nalin@redhat.com> 1.7-4
@ -1682,6 +1691,8 @@ install -pm 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kpro
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -pm 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc install -pm 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc
install -pm 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin install -pm 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin
mkdir -p $RPM_BUILD_ROOT/etc/portreserve
install -pm 644 $RPM_SOURCE_DIR/krb5.portreserve $RPM_BUILD_ROOT/etc/portreserve/krb5
# Xinetd configuration files. # Xinetd configuration files.
mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/ mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
@ -1950,6 +1961,7 @@ exit 0
/etc/rc.d/init.d/kprop /etc/rc.d/init.d/kprop
%config(noreplace) /etc/sysconfig/krb5kdc %config(noreplace) /etc/sysconfig/krb5kdc
%config(noreplace) /etc/sysconfig/kadmin %config(noreplace) /etc/sysconfig/kadmin
%config(noreplace) /etc/portreserve/krb5
%doc doc/admin*.ps.gz %doc doc/admin*.ps.gz
%doc doc/install*.ps.gz %doc doc/install*.ps.gz

3
krb5kdc.init
View File

@ -14,6 +14,7 @@
# Provides: krb5kdc # Provides: krb5kdc
# Required-Start: $local_fs $network # Required-Start: $local_fs $network
# Required-Stop: $local_fs $network # Required-Stop: $local_fs $network
# Should-Start: portreserve
# Default-Start: # Default-Start:
# Default-Stop: 0 1 2 3 4 5 6 # Default-Stop: 0 1 2 3 4 5 6
# Short-Description: start and stop the Kerberos 5 KDC # Short-Description: start and stop the Kerberos 5 KDC
@ -38,6 +39,8 @@ krb5kdc=/usr/kerberos/sbin/krb5kdc
start() { start() {
[ -x $krb5kdc ] || exit 5 [ -x $krb5kdc ] || exit 5
echo -n $"Starting $prog: " echo -n $"Starting $prog: "
# tell portreserve to release the kerberos-iv port
[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :
daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS
RETVAL=$? RETVAL=$?
echo echo