- update to 1.4

- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
    flag to specify that it should communicate with the server using the
    older protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
    it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
    it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
    it on to krb524d *instead of* "-m"
- set "forwardable" in [libdefaults] in the default krb5.conf to match the
    default setting which we supply for pam_krb5
- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting
    the compiled-in default

.cvsignore

@@ -3,3 +3,5 @@ krb5-1.3.5.tar.gz
 krb5-1.3.5.tar.gz.asc
 krb5-1.3.6.tar.gz
 krb5-1.3.6.tar.gz.asc
+krb5-1.4.tar.gz
+krb5-1.4.tar.gz.asc

kadmin.sysconfig

@@ -0,0 +1 @@
+KADMIND_ARGS=

kadmind.init

@@ -16,6 +16,9 @@
 # Check that networking is up.
 [ ${NETWORKING} = "no" ] && exit 0
 
+# Get config.
+[ -r /etc/sysconfig/kadmin ] && . /etc/sysconfig/kadmin
+
 # Source function library.
 . /etc/init.d/functions
 prog="Kerberos 5 Admin Server"
@@ -38,7 +41,7 @@ start() {
 	    fi
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${kadmind}
+	daemon ${kadmind} $KADMIND_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin

krb5-1.4-ktany.patch

@@ -0,0 +1,344 @@
+--- krb5-1.4/src/lib/krb5/keytab/ktbase.c.ktany	2004-05-27 23:44:32.000000000 -0400
++++ krb5-1.4/src/lib/krb5/keytab/ktbase.c	2005-02-18 11:01:18.000000000 -0500
+@@ -34,14 +34,19 @@
+ extern const krb5_kt_ops krb5_ktf_ops;
+ extern const krb5_kt_ops krb5_ktf_writable_ops;
+ extern const krb5_kt_ops krb5_kts_ops;
++extern const krb5_kt_ops krb5_kta_ops;
+ 
+ struct krb5_kt_typelist {
+     const krb5_kt_ops *ops;
+     const struct krb5_kt_typelist *next;
+ };
++static struct krb5_kt_typelist krb5_kt_typelist_any  = {
++    &krb5_kta_ops,
++    0
++};
+ const static struct krb5_kt_typelist krb5_kt_typelist_wrfile  = {
+     &krb5_ktf_writable_ops,
+-    0
++    &krb5_kt_typelist_any
+ };
+ const static struct krb5_kt_typelist krb5_kt_typelist_file  = {
+     &krb5_ktf_ops,
+--- /dev/null	2005-02-18 05:27:12.242575752 -0500
++++ krb5-1.4/src/lib/krb5/keytab/kt_any.c	2005-02-18 10:38:09.000000000 -0500
+@@ -0,0 +1,292 @@
++/*
++ * lib/krb5/keytab/kt_any.c
++ *
++ * Copyright 1998, 1999 by the Massachusetts Institute of Technology.
++ * All Rights Reserved.
++ *
++ * Export of this software from the United States of America may
++ *   require a specific license from the United States Government.
++ *   It is the responsibility of any person or organization contemplating
++ *   export to obtain such a license before exporting.
++ * 
++ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
++ * distribute this software and its documentation for any purpose and
++ * without fee is hereby granted, provided that the above copyright
++ * notice appear in all copies and that both that copyright notice and
++ * this permission notice appear in supporting documentation, and that
++ * the name of M.I.T. not be used in advertising or publicity pertaining
++ * to distribution of the software without specific, written prior
++ * permission.  M.I.T. makes no representations about the suitability of
++ * this software for any purpose.  It is provided "as is" without express
++ * or implied warranty.
++ * 
++ *
++ * krb5_kta_ops
++ */
++
++#include "k5-int.h"
++
++typedef struct _krb5_ktany_data {
++    char *name;
++    krb5_keytab *choices;
++    int nchoices;
++} krb5_ktany_data;
++
++typedef struct _krb5_ktany_cursor_data {
++    int which;
++    krb5_kt_cursor cursor;
++} krb5_ktany_cursor_data;
++
++static krb5_error_code krb5_ktany_resolve
++	          (krb5_context,
++		   const char *,
++		   krb5_keytab *);
++static krb5_error_code krb5_ktany_get_name
++	          (krb5_context context,
++		   krb5_keytab id,
++		   char *name,
++		   unsigned int len);
++static krb5_error_code krb5_ktany_close
++	          (krb5_context context,
++		   krb5_keytab id);
++static krb5_error_code krb5_ktany_get_entry
++	          (krb5_context context,
++		   krb5_keytab id,
++		   krb5_const_principal principal,
++		   krb5_kvno kvno,
++		   krb5_enctype enctype,
++		   krb5_keytab_entry *entry);
++static krb5_error_code krb5_ktany_start_seq_get
++	          (krb5_context context,
++		   krb5_keytab id,
++		   krb5_kt_cursor *cursorp);
++static krb5_error_code krb5_ktany_next_entry
++	          (krb5_context context,
++		   krb5_keytab id,
++		   krb5_keytab_entry *entry,
++		   krb5_kt_cursor *cursor);
++static krb5_error_code krb5_ktany_end_seq_get
++	          (krb5_context context,
++		   krb5_keytab id,
++		   krb5_kt_cursor *cursor);
++static void cleanup
++	          (krb5_context context,
++		   krb5_ktany_data *data,
++		   int nchoices);
++
++struct _krb5_kt_ops krb5_kta_ops = {
++    0,
++    "ANY", 	/* Prefix -- this string should not appear anywhere else! */
++    krb5_ktany_resolve,
++    krb5_ktany_get_name,
++    krb5_ktany_close,
++    krb5_ktany_get_entry,
++    krb5_ktany_start_seq_get,
++    krb5_ktany_next_entry,
++    krb5_ktany_end_seq_get,
++    0,
++    0,
++    0
++};
++
++static krb5_error_code
++krb5_ktany_resolve(context, name, id)
++    krb5_context context;
++    const char *name;
++    krb5_keytab *id;
++{
++    const char *p, *q;
++    char *copy;
++    krb5_error_code kerror;
++    krb5_ktany_data *data;
++    int i;
++
++    /* Allocate space for our data and remember a copy of the name. */
++    if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL)
++	return(ENOMEM);
++    if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) {
++	krb5_xfree(data);
++	return(ENOMEM);
++    }
++    strcpy(data->name, name);
++
++    /* Count the number of choices and allocate memory for them. */
++    data->nchoices = 1;
++    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1)
++	data->nchoices++;
++    if ((data->choices = (krb5_keytab *)
++	 malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) {
++	krb5_xfree(data->name);
++	krb5_xfree(data);
++	return(ENOMEM);
++    }
++
++    /* Resolve each of the choices. */
++    i = 0;
++    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) {
++	/* Make a copy of the choice name so we can terminate it. */
++	if ((copy = (char *)malloc(q - p + 1)) == NULL) {
++	    cleanup(context, data, i);
++	    return(ENOMEM);
++	}
++	memcpy(copy, p, q - p);
++	copy[q - p] = 0;
++
++	/* Try resolving the choice name. */
++	kerror = krb5_kt_resolve(context, copy, &data->choices[i]);
++	krb5_xfree(copy);
++	if (kerror) {
++	    cleanup(context, data, i);
++	    return(kerror);
++	}
++	i++;
++    }
++    if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) {
++	cleanup(context, data, i);
++	return(kerror);
++    }
++
++    /* Allocate and fill in an ID for the caller. */
++    if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) {
++	cleanup(context, data, i);
++	return(ENOMEM);
++    }
++    (*id)->ops = &krb5_kta_ops;
++    (*id)->data = (krb5_pointer)data;
++    (*id)->magic = KV5M_KEYTAB;
++
++    return(0);
++}
++
++static krb5_error_code
++krb5_ktany_get_name(context, id, name, len)
++    krb5_context context;
++    krb5_keytab id;
++    char *name;
++    unsigned int len;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++
++    if (len < strlen(data->name) + 1)
++	return(KRB5_KT_NAME_TOOLONG);
++    strcpy(name, data->name);
++    return(0);
++}
++
++static krb5_error_code
++krb5_ktany_close(context, id)
++    krb5_context context;
++    krb5_keytab id;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++
++    cleanup(context, data, data->nchoices);
++    id->ops = 0;
++    krb5_xfree(id);
++    return(0);
++}
++
++static krb5_error_code
++krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry)
++    krb5_context context;
++    krb5_keytab id;
++    krb5_const_principal principal;
++    krb5_kvno kvno;
++    krb5_enctype enctype;
++    krb5_keytab_entry *entry;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++    krb5_error_code kerror = KRB5_KT_NOTFOUND;
++    int i;
++
++    for (i = 0; i < data->nchoices; i++) {
++	if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal,
++					kvno, enctype, entry)) != ENOENT)
++	    return kerror;
++    }
++    return kerror;
++}
++
++static krb5_error_code
++krb5_ktany_start_seq_get(context, id, cursorp)
++    krb5_context context;
++    krb5_keytab id;
++    krb5_kt_cursor *cursorp;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++    krb5_ktany_cursor_data *cdata;
++    krb5_error_code kerror = ENOENT;
++    int i;
++
++    if ((cdata = (krb5_ktany_cursor_data *)
++	 malloc(sizeof(krb5_ktany_cursor_data))) == NULL)
++	return(ENOMEM);
++
++    /* Find a choice which can handle the serialization request. */
++    for (i = 0; i < data->nchoices; i++) {
++	if ((kerror = krb5_kt_start_seq_get(context, data->choices[i],
++					    &cdata->cursor)) == 0)
++	    break;
++	else if (kerror != ENOENT) {
++	    krb5_xfree(cdata);
++	    return(kerror);
++	}
++    }
++
++    if (i == data->nchoices) {
++	/* Everyone returned ENOENT, so no go. */
++	krb5_xfree(cdata);
++	return(kerror);
++    }
++
++    cdata->which = i;
++    *cursorp = (krb5_kt_cursor)cdata;
++    return(0);
++}
++
++static krb5_error_code
++krb5_ktany_next_entry(context, id, entry, cursor)
++    krb5_context context;
++    krb5_keytab id;
++    krb5_keytab_entry *entry;
++    krb5_kt_cursor *cursor;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
++    krb5_keytab choice_id;
++
++    choice_id = data->choices[cdata->which];
++    return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor));
++}
++
++static krb5_error_code
++krb5_ktany_end_seq_get(context, id, cursor)
++    krb5_context context;
++    krb5_keytab id;
++    krb5_kt_cursor *cursor;
++{
++    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
++    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
++    krb5_keytab choice_id;
++    krb5_error_code kerror;
++
++    choice_id = data->choices[cdata->which];
++    kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor);
++    krb5_xfree(cdata);
++    return(kerror);
++}
++
++static void
++cleanup(context, data, nchoices)
++    krb5_context context;
++    krb5_ktany_data *data;
++    int nchoices;
++{
++    int i;
++
++    krb5_xfree(data->name);
++    for (i = 0; i < nchoices; i++)
++	krb5_kt_close(context, data->choices[i]);
++    krb5_xfree(data->choices);
++    krb5_xfree(data);
++}
+--- krb5-1.4/src/lib/krb5/keytab/Makefile.in.ktany	2004-05-27 23:44:32.000000000 -0400
++++ krb5-1.4/src/lib/krb5/keytab/Makefile.in	2005-02-18 10:38:09.000000000 -0500
+@@ -14,6 +14,7 @@
+ 	ktfr_entry.o	\
+ 	ktremove.o	\
+ 	ktfns.o		\
++	kt_any.o	\
+ 	kt_file.o	\
+ 	kt_srvtab.o	\
+ 	read_servi.o
+@@ -25,6 +26,7 @@
+ 	$(OUTPRE)ktfr_entry.$(OBJEXT)	\
+ 	$(OUTPRE)ktremove.$(OBJEXT)	\
+ 	$(OUTPRE)ktfns.$(OBJEXT)	\
++	$(OUTPRE)kt_any.$(OBJEXT)	\
+ 	$(OUTPRE)kt_file.$(OBJEXT)	\
+ 	$(OUTPRE)kt_srvtab.$(OBJEXT)	\
+ 	$(OUTPRE)read_servi.$(OBJEXT)
+@@ -36,6 +38,7 @@
+ 	$(srcdir)/ktfr_entry.c	\
+ 	$(srcdir)/ktremove.c	\
+ 	$(srcdir)/ktfns.c	\
++	$(srcdir)/kt_any.c	\
+ 	$(srcdir)/kt_file.c	\
+ 	$(srcdir)/kt_srvtab.c	\
+ 	$(srcdir)/read_servi.c

krb5-1.4-null.patch

@@ -0,0 +1,33 @@
+Screen out interfaces which have no address in foreach_localaddr().  (Per man
+pages for OpenBSD and OS/X, they are legal.)  If it doesn't have an address,
+the functions which call this function (src/kdc/network.c, which wants to
+listen on the interfaces, and src/lib/krb5/os/localaddr.c, which just wants a
+list of local addresses), have no use for it anyway.
+
+This is slightly different than the fix proposed by Paul Jakma at
+http://mailman.mit.edu/pipermail/krb5-bugs/2004-January/002152.html, but is
+more or less equivalent.
+
+Don't worry, printifaddr() already checks that ifp->ifa_addr != NULL before
+printing it.
+
+--- krb5-1.4/src/lib/krb5/os/localaddr.c	2005-02-18 11:20:52.000000000 -0500
++++ krb5-1.4/src/lib/krb5/os/localaddr.c	2005-02-18 11:23:52.000000000 -0500
+@@ -435,6 +435,8 @@
+ #ifdef DEBUG
+ 	printifaddr (ifp);
+ #endif
++	if (ifp->ifa_addr == NULL)
++	    continue;
+ 	if ((ifp->ifa_flags & IFF_UP) == 0)
+ 	    continue;
+ 	if (ifp->ifa_flags & IFF_LOOPBACK) {
+@@ -458,6 +460,8 @@
+ 	/* If this address is a duplicate, punt.  */
+ 	match = 0;
+ 	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
++	    if (ifp2->ifa_addr == NULL)
++		continue;
+ 	    if ((ifp2->ifa_flags & IFF_UP) == 0)
+ 		continue;
+ 	    if (ifp2->ifa_flags & IFF_LOOPBACK)

krb5.conf

@@ -7,6 +7,8 @@
  default_realm = EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
 
 [realms]
  EXAMPLE.COM = {

krb5.spec

@@ -6,10 +6,10 @@
 
 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.3.6
-Release: 3
+Version: 1.4
+Release: 1
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@@ -29,6 +29,9 @@ Source15: klogin.xinetd
 Source16: kshell.xinetd
 Source17: krb5-telnet.xinetd
 Source18: gssftp.xinetd
+Source19: krb5kdc.sysconfig
+Source20: kadmin.sysconfig
+Source21: krb524.sysconfig
 
 Patch0: krb5-1.3-gcc33.patch
 Patch1: krb5-1.3-info-dir.patch
@@ -39,19 +42,18 @@ Patch5: krb5-1.3-ksu-access.patch
 Patch6: krb5-1.3-ksu-path.patch
 Patch9: krb5-1.1.1-brokenrev.patch
 Patch11: krb5-1.2.1-passive.patch
-Patch12: krb5-1.3-ktany.patch
+Patch12: krb5-1.4-ktany.patch
 Patch13: krb5-1.3-large-file.patch
 Patch14: krb5-1.3-ftp-glob.patch
 Patch15: krb5-1.3-check.patch
 Patch16: krb5-1.3.3-no-rpath.patch
 Patch17: krb5-1.3-pass-by-address.patch
 Patch18: krb5-1.2.7-reject-bad-transited.patch
-Patch20: krb5-1.3.1-varargs.patch
 Patch21: krb5-selinux.patch
 Patch22: krb5-1.3.1-32.patch
 Patch23: krb5-1.3.1-dns.patch
-Patch24: krb5-1.3.1-server-sort.patch
-Patch25: krb5-1.3.1-null.patch
+Patch24: krb5-1.4-server-sort.patch
+Patch25: krb5-1.4-null.patch
 Patch26: krb5-1.3.2-efence.patch
 Patch27: krb5-1.3.3-rcp-sendlarge.patch
 Patch28: krb5-1.3.5-gethostbyname_r.patch
@@ -122,6 +124,25 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
+* Thu Feb 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-1
+- update to 1.4
+  - v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
+    flag to specify that it should communicate with the server using the older
+    protocol
+  - new libkrb5support library
+  - v5passwdd and kadmind4 are gone
+  - versioned symbols
+- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
+  it on to krb5kdc
+- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
+  it on to kadmind
+- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
+  it on to krb524d *instead of* "-m"
+- set "forwardable" in [libdefaults] in the default krb5.conf to match the
+  default setting which we supply for pam_krb5
+- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting the
+  compiled-in default
+
 * Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-3
 - rebuild
 
@@ -748,7 +769,7 @@ workstation.
 - added --force to makeinfo commands to skip errors during build
 
 %prep
-%setup -q -n %{name}-%{version}
+%setup -q
 # No longer necessary with e2fsprogs >= 1.35, it seems.
 # %patch0  -p1 -b .gcc33
 %patch1  -p1 -b .info-dir
@@ -767,7 +788,6 @@ workstation.
 # Hopefully no longer needed to work around compiler bug.
 # %patch17 -p1 -b .pass-by-address
 %patch18 -p1 -b .reject-bad-transited
-%patch20 -p1 -b .varargs
 %if %{WITH_SELINUX}
 %patch21 -p1 -b .selinux
 %endif
@@ -857,9 +877,10 @@ install -m 755 $RPM_SOURCE_DIR/krb5kdc.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb5
 install -m 755 $RPM_SOURCE_DIR/kadmind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kadmin
 install -m 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kprop
 install -m 755 $RPM_SOURCE_DIR/krb524d.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb524
-# There are better ways to balance the load, and writing policy for this
-# script is painful.
-#install -m 755 $RPM_SOURCE_DIR/kdcrotate $RPM_BUILD_ROOT/etc/rc.d/init.d/
+mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
+install -m 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc
+install -m 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin
+install -m 644 $RPM_SOURCE_DIR/krb524.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb524
 
 # Xinetd configuration files.
 mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
@@ -993,8 +1014,6 @@ fi
 %{krb5prefix}/man/man1/tmac.doc*
 %attr(0755,root,root) %{krb5prefix}/bin/v4rcp
 %{krb5prefix}/man/man1/v4rcp.1*
-%{krb5prefix}/bin/v5passwd
-%{krb5prefix}/man/man1/v5passwd.1*
 %{krb5prefix}/bin/sim_client
 %{krb5prefix}/bin/uuclient
 %{krb5prefix}/sbin/login.krb5
@@ -1021,6 +1040,9 @@ fi
 %config /etc/rc.d/init.d/kadmin
 %config /etc/rc.d/init.d/krb524
 %config /etc/rc.d/init.d/kprop
+%config(noreplace) /etc/sysconfig/krb5kdc
+%config(noreplace) /etc/sysconfig/kadmin
+%config(noreplace) /etc/sysconfig/krb524
 
 %doc doc/admin*.ps.gz doc/krb5-admin*.html
 %doc doc/krb425*.ps.gz doc/krb425*.html
@@ -1048,7 +1070,6 @@ fi
 %{krb5prefix}/man/man8/kadmin.local.8*
 %{krb5prefix}/sbin/kadmind
 %{krb5prefix}/man/man8/kadmind.8*
-%{krb5prefix}/sbin/kadmind4
 %{krb5prefix}/sbin/kdb5_util
 %{krb5prefix}/man/man8/kdb5_util.8*
 %{krb5prefix}/sbin/kprop
@@ -1056,10 +1077,10 @@ fi
 %{krb5prefix}/sbin/kpropd
 %{krb5prefix}/man/man8/kpropd.8*
 %{krb5prefix}/sbin/krb524d
+%{krb5prefix}/man/man8/krb524d.8*
 %{krb5prefix}/sbin/krb5kdc
 %{krb5prefix}/man/man8/krb5kdc.8*
 %{krb5prefix}/sbin/sim_server
-%{krb5prefix}/sbin/v5passwdd
 # This is here for people who want to test their server, and also 
 # included in devel package for similar reasons.
 %{krb5prefix}/bin/sclient
@@ -1100,6 +1121,7 @@ fi
 
 %{krb5prefix}/bin/krb5-config
 %{krb5prefix}/bin/sclient
+%{krb5prefix}/man/man1/krb5-config.1*
 %{krb5prefix}/man/man1/sclient.1*
 %{krb5prefix}/man/man8/sserver.8*
 %{krb5prefix}/sbin/sserver

krb524.sysconfig

@@ -0,0 +1 @@
+KRB524D_ARGS=-m

krb524d.init

@@ -15,6 +15,9 @@
 # Check that networking is up.
 [ ${NETWORKING} = "no" ] && exit 0
 
+# Get config.
+[ -r /etc/sysconfig/krb524 ] && . /etc/sysconfig/krb524
+
 # Source function library.
 . /etc/rc.d/init.d/functions
 
@@ -28,7 +31,7 @@ start() {
 	    exit 0
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${krb524d} -m
+	daemon ${krb524d} ${KRB524D_ARGS:--m}
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/krb524

krb5kdc.init

@@ -15,6 +15,9 @@
 # Check that networking is up.
 [ ${NETWORKING} = "no" ] && exit 0
 
+# Get config.
+[ -r /etc/sysconfig/krb5kdc ] && . /etc/sysconfig/krb5kdc
+
 # Source function library.
 . /etc/rc.d/init.d/functions
 
@@ -28,7 +31,7 @@ start() {
 	    exit 0
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${krb5kdc}
+	daemon ${krb5kdc} $KRB5KDC_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc

krb5kdc.sysconfig

@@ -0,0 +1 @@
+KRB5KDC_ARGS=

sources

@@ -1,2 +1,2 @@
-7974d0fc413802712998d5fc5eec2919  krb5-1.3.6.tar.gz
-d1f7009dbdefb81af13da3777feb9a09  krb5-1.3.6.tar.gz.asc
+64f54aaf2f791bc2d689e3ce07874116  krb5-1.4.tar.gz
+c46d18bf4c643692ee2bdac13b52ff95  krb5-1.4.tar.gz.asc