- update to match current context in krb5.conf(5)

2010-11-05 15:00:13 -04:00 · 2010-11-05 15:00:13 -04:00 · 99e4741184
commit 99e4741184
parent cd6903bceb
2 changed files with 0 additions and 219 deletions
--- a/krb5-1.8-key_exp.patch
+++ b/krb5-1.8-key_exp.patch
@ -1,24 +0,0 @@
-Sadique Puthen notes that the warning on the client side seems to be correspond
-to the wrong attribute on the KDC.  Do what RFC4120 says we should do.
-
-RT#5755, which turns out to have been a duplicate of RT#2032.
-
-diff -up krb5-1.8/src/kdc/do_as_req.c.key_exp krb5-1.8/src/kdc/do_as_req.c
--- krb5-1.8/src/kdc/do_as_req.c.key_exp	2010-02-16 17:21:08.000000000 -0500
-+++ krb5-1.8/src/kdc/do_as_req.c	2010-03-05 11:02:06.000000000 -0500
-@@ -555,7 +555,14 @@ process_as_req(krb5_kdc_req *request, kr
-         goto errout;
-     }
-     reply_encpart.nonce = request->nonce;
-    reply_encpart.key_exp = client.expiration;
-+    if (client.expiration == 0) {
-+       reply_encpart.key_exp = client.pw_expiration;
-+    } else if (client.pw_expiration == 0) {
-+       reply_encpart.key_exp = client.expiration;
-+    } else {
-+       reply_encpart.key_exp = client.pw_expiration < client.expiration ?
-+                               client.pw_expiration : client.expiration;
-+    }
-     reply_encpart.flags = enc_tkt_reply.flags;
-     reply_encpart.server = ticket_reply.server;
- 
--- a/krb5-1.8-manpaths.patch
+++ b/krb5-1.8-manpaths.patch
@ -1,195 +0,0 @@
-Change the absolute paths included in the man pages so that the correct
-values can be dropped in by config.status.  After applying this patch,
-these files should be renamed to their ".in" counterparts, and then the
-configure scripts should be rebuilt.  Originally RT#6525
-
-diff -up krb5-1.8/src/aclocal.m4.manpaths krb5-1.8/src/aclocal.m4
--- krb5-1.8/src/aclocal.m4.manpaths	2010-03-05 10:55:28.000000000 -0500
-+++ krb5-1.8/src/aclocal.m4	2010-03-05 10:55:29.000000000 -0500
-@@ -1770,3 +1770,24 @@ AC_SUBST(PAM_LIBS)
- AC_SUBST(PAM_MAN)
- AC_SUBST(NON_PAM_MAN)
- ])dnl
-+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[
-+mansysconfdir=$sysconfdir
-+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"`
-+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"`
-+mansbindir=$sbindir
-+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"`
-+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"`
-+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"`
-+manlocalstatedir=$localstatedir
-+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"`
-+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"`
-+manlibexecdir=$libexecdir
-+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"`
-+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"`
-+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"`
-+AC_SUBST(mansysconfdir)
-+AC_SUBST(mansbindir)
-+AC_SUBST(manlocalstatedir)
-+AC_SUBST(manlibexecdir)
-+AC_CONFIG_FILES($1)
-+])
-diff -up krb5-1.8/src/appl/sample/sserver/sserver.M.manpaths krb5-1.8/src/appl/sample/sserver/sserver.M
--- krb5-1.8/src/appl/sample/sserver/sserver.M.manpaths	1999-09-24 17:20:59.000000000 -0400
-+++ krb5-1.8/src/appl/sample/sserver/sserver.M	2010-03-05 10:55:29.000000000 -0500
-@@ -59,7 +59,7 @@ option allows for a different keytab tha
- using a line in
- /etc/inetd.conf that looks like this:
- .PP
-sample  stream  tcp     nowait  root /usr/local/sbin/sserver	sserver
-+sample  stream  tcp     nowait  root @mansbindir@/sserver	sserver
- .PP
- Since \fBsample\fP is normally not a port defined in /etc/services, you will
- usually have to add a line to /etc/services which looks like this:
-diff -up krb5-1.8/src/config-files/kdc.conf.M.manpaths krb5-1.8/src/config-files/kdc.conf.M
--- krb5-1.8/src/config-files/kdc.conf.M.manpaths	2010-01-04 14:34:33.000000000 -0500
-+++ krb5-1.8/src/config-files/kdc.conf.M	2010-03-05 10:55:29.000000000 -0500
-@@ -82,14 +82,14 @@ This
- .B string
- specifies the location of the access control list (acl) file that
- kadmin uses to determine which principals are allowed which permissions
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
-+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl.
- 
- .IP admin_keytab
- This
- .B string
- Specifies the location of the keytab file that kadmin uses to
- authenticate to the database.  The default value is
-/usr/local/var/krb5kdc/kadm5.keytab.
-+@manlocalstatedir@/krb5kdc/kadm5.keytab.
- 
- .IP database_name
- This
-@@ -254,7 +254,7 @@ tickets should be checked against the tr
- realm names and the [capaths] section of its krb5.conf file
- 
- .SH FILES 
-/usr/local/var/krb5kdc/kdc.conf
-+@manlocalstatedir@/krb5kdc/kdc.conf
- 
- .SH SEE ALSO
- krb5.conf(5), krb5kdc(8)
-diff -up krb5-1.8/src/config-files/krb5.conf.M.manpaths krb5-1.8/src/config-files/krb5.conf.M
--- krb5-1.8/src/config-files/krb5.conf.M.manpaths	2010-02-25 15:14:21.000000000 -0500
-+++ krb5-1.8/src/config-files/krb5.conf.M	2010-03-05 10:55:29.000000000 -0500
-@@ -651,6 +651,6 @@ is whitespace-separated. The LDAP server
- This LDAP specific tag indicates the number of connections to be maintained per
- LDAP server.
- .SH FILES 
-/etc/krb5.conf
-+@mansysconfdir@/krb5.conf
- .SH SEE ALSO
- syslog(3)
-diff -up krb5-1.8/src/configure.in.manpaths krb5-1.8/src/configure.in
--- krb5-1.8/src/configure.in.manpaths	2010-03-05 10:55:29.000000000 -0500
-+++ krb5-1.8/src/configure.in	2010-03-05 10:55:29.000000000 -0500
-@@ -1054,6 +1054,16 @@ fi
- KRB5_WITH_PAM
- 
- AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
-+
-+V5_AC_OUTPUT_MANPAGE([
-+	appl/sample/sserver/sserver.M
-+	config-files/kdc.conf.M
-+	config-files/krb5.conf.M
-+	kadmin/cli/kadmin.M
-+	slave/kpropd.M
-+	slave/kprop.M
-+])
-+
- V5_AC_OUTPUT_MAKEFILE(.
- 
- 	util util/support util/profile util/send-pr
-diff -up krb5-1.8/src/kadmin/cli/kadmin.M.manpaths krb5-1.8/src/kadmin/cli/kadmin.M
--- krb5-1.8/src/kadmin/cli/kadmin.M.manpaths	2010-01-04 14:59:25.000000000 -0500
-+++ krb5-1.8/src/kadmin/cli/kadmin.M	2010-03-05 10:55:29.000000000 -0500
-@@ -869,9 +869,9 @@ option is specified, less verbose status
- .RS
- .TP
- EXAMPLE:
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
-+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin
- Entry for principal kadmin/admin with kvno 3 removed
-	from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
-+	from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab.
- kadmin:
- .RE
- .fi
-@@ -913,7 +913,7 @@ passwords.
- .SH HISTORY
- The
- .B kadmin
-prorgam was originally written by Tom Yu at MIT, as an interface to the
-+program was originally written by Tom Yu at MIT, as an interface to the
- OpenVision Kerberos administration program.
- .SH SEE ALSO
- .IR kerberos (1),
-diff -up krb5-1.8/src/slave/kpropd.M.manpaths krb5-1.8/src/slave/kpropd.M
--- krb5-1.8/src/slave/kpropd.M.manpaths	2009-12-30 23:21:34.000000000 -0500
-+++ krb5-1.8/src/slave/kpropd.M	2010-03-05 10:55:29.000000000 -0500
-@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of 
- This is done by adding a line to the inetd.conf file which looks like
- this:
- 
-kprop	stream	tcp	nowait	root	/usr/local/sbin/kpropd	kpropd
-+kprop	stream	tcp	nowait	root	@mansbindir@/kpropd	kpropd
- 
- However, kpropd can also run as a standalone daemon, if the
- .B \-S
-@@ -111,13 +111,13 @@ is used.
- \fB\-f\fP \fIfile\fP
- specifies the filename where the dumped principal database file is to be
- stored; by default the dumped database file is KPROPD_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/from_master).
-+(normally @manlocalstatedir@/krb5kdc/from_master).
- .TP
- .B \-p
- allows the user to specify the pathname to the
- .IR kdb5_util (8)
- program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
-(normally /usr/local/sbin/kdb5_util).
-+(normally @mansbindir@/kdb5_util).
- .TP
- .B \-S
- turn on standalone mode.  Normally, kpropd is invoked out of
-@@ -148,14 +148,14 @@ mode.
- allows the user to specify the path to the
- kpropd.acl
- file; by default the path used is KPROPD_ACL_FILE
-(normally /usr/local/var/krb5kdc/kpropd.acl).
-+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
- .SH FILES
- .TP "\w'kpropd.acl\ \ 'u"
- kpropd.acl
- Access file for
- .BR kpropd ;
- the default location is KPROPD_ACL_FILE (normally
-/usr/local/var/krb5kdc/kpropd.acl).
-+@manlocalstatedir@/krb5kdc/kpropd.acl).
- Each entry is a line containing the principal of a host from which the
- local machine will allow Kerberos database propagation via kprop.
- .SH SEE ALSO
-diff -up krb5-1.8/src/slave/kprop.M.manpaths krb5-1.8/src/slave/kprop.M
--- krb5-1.8/src/slave/kprop.M.manpaths	1999-09-24 17:20:59.000000000 -0400
-+++ krb5-1.8/src/slave/kprop.M	2010-03-05 10:55:29.000000000 -0500
-@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
- This is done by transmitting the dumped database file to the slave
- server over an encrypted, secure channel.  The dump file must be created
- by kdb5_util, and is normally KPROP_DEFAULT_FILE
-(/usr/local/var/krb5kdc/slave_datatrans).
-+(@manlocalstatedir@/krb5kdc/slave_datatrans).
- .SH OPTIONS
- .TP
- \fB\-r\fP \fIrealm\fP
-@@ -51,7 +51,7 @@ is used.
- \fB\-f\fP \fIfile\fP
- specifies the filename where the dumped principal database file is to be
- found; by default the dumped database file is KPROP_DEFAULT_FILE
-(normally /usr/local/var/krb5kdc/slave_datatrans).
-+(normally @manlocalstatedir@/krb5kdc/slave_datatrans).
- .TP
- \fB\-P\fP \fIport\fP
- specifies the port to use to contact the