From af3b5464f00d54f0759bfb657046b1250a28337c Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 07:05:48 +0000 Subject: [PATCH] auto-import changelog data from krb5-1.2.1-8.src.rpm Wed Aug 16 2000 Nalin Dahyabhai - fix summaries and descriptions - switched the default transfer protocol from PORT to PASV as proposed on bugzilla (#16134), and to match the regular ftp package's behavior Wed Jul 19 2000 Jeff Johnson - rebuild to compress man pages. Sat Jul 15 2000 Bill Nottingham - move initscript back Fri Jul 14 2000 Nalin Dahyabhai - disable servers by default to keep linuxconf from thinking they need to be started when they don't Thu Jul 13 2000 Prospector - automatic rebuild Mon Jul 10 2000 Nalin Dahyabhai - change cleanup code in post to not tickle chkconfig - add grep as a Prereq: for -libs Thu Jul 06 2000 Nalin Dahyabhai - move condrestarts to postun - make xinetd configs noreplace - add descriptions to xinetd configs - add /etc/init.d as a prereq for the -server package - patch to properly truncate $TERM in krlogind Fri Jun 30 2000 Nalin Dahyabhai - update to 1.2.1 - back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update - start using the official source tarball instead of its contents Thu Jun 29 2000 Nalin Dahyabhai - Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind - pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not compatible with other stuff in 6.2, so no need) Wed Jun 28 2000 Nalin Dahyabhai - tweak graceful start/stop logic in post and preun Mon Jun 26 2000 Nalin Dahyabhai - update to the 1.2 release - ditch a lot of our patches which went upstream - enable use of DNS to look up things at build-time - disable use of DNS to look up things at run-time in default krb5.conf - change ownership of the convert-config-files script to root.root - compress PS docs - fix some typos in the kinit man page - run condrestart in server post, and shut down in preun Mon Jun 19 2000 Nalin Dahyabhai - only remove old krb5server init script links if the init script is there Sat Jun 17 2000 Nalin Dahyabhai - disable kshell and eklogin by default Thu Jun 15 2000 Nalin Dahyabhai - patch mkdir/rmdir problem in ftpcmd.y - add condrestart option to init script - split the server init script into three pieces and add one for kpropd Wed Jun 14 2000 Nalin Dahyabhai - make sure workstation servers are all disabled by default - clean up krb5server init script Fri Jun 09 2000 Nalin Dahyabhai - apply second set of buffer overflow fixes from Tom Yu - fix from Dirk Husung for a bug in buffer cleanups in the test suite - work around possibly broken rev binary in running test suite - move default realm configs from /var/kerberos to /var/kerberos Tue Jun 06 2000 Nalin Dahyabhai - make ksu and v4rcp owned by root Sat Jun 03 2000 Nalin Dahyabhai - use %{_infodir} to better comply with FHS - move .so files to -devel subpackage - tweak xinetd config files (bugs #11833, #11835, #11836, #11840) - fix package descriptions again Wed May 24 2000 Nalin Dahyabhai - change a LINE_MAX to 1024, fix from Ken Raeburn - add fix for login vulnerability in case anyone rebuilds without krb4 compat - add tweaks for byte-swapping macros in krb.h, also from Ken - add xinetd config files - make rsh and rlogin quieter - build with debug to fix credential forwarding - add rsh as a build-time req because the configure scripts look for it to determine paths Wed May 17 2000 Nalin Dahyabhai - fix config_subpackage logic Tue May 16 2000 Nalin Dahyabhai - remove setuid bit on v4rcp and ksu - apply patches from Jeffrey Schiller to fix overruns Chris Evans found - reintroduce configs subpackage for use in the errata - add PreReq: sh-utils Mon May 15 2000 Nalin Dahyabhai - fix double-free in the kdc (patch merged into MIT tree) - include convert-config-files script as a documentation file Wed May 03 2000 Nalin Dahyabhai - patch ksu man page because the -C option never works - add access() checks and disable debug mode in ksu - modify default ksu build arguments to specify more directories in CMD_PATH and to use getusershell() Wed May 03 2000 Bill Nottingham - fix configure stuff for ia64 Mon Apr 10 2000 Nalin Dahyabhai - add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653) - change Requires: for/in subpackages to include 1.2.1 Wed Apr 05 2000 Nalin Dahyabhai - add man pages for kerberos(1), kvno(1), .k5login(5) - add kvno to -workstation Mon Apr 03 2000 Nalin Dahyabhai - Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a %config file anyway. - Make krb5.conf a noreplace config file. Thu Mar 30 2000 Nalin Dahyabhai - Make klogind pass a clean environment to children, like NetKit's rlogind does. Wed Mar 08 2000 Nalin Dahyabhai - Don't enable the server by default. - Compress info pages. - Add defaults for the PAM module to krb5.conf Mon Mar 06 2000 Nalin Dahyabhai - Correct copyright: it's exportable now, provided the proper paperwork is filed with the government. Fri Mar 03 2000 Nalin Dahyabhai - apply Mike Friedman's patch to fix format string problems - don't strip off argv[0] when invoking regular rsh/rlogin Thu Mar 02 2000 Nalin Dahyabhai - run kadmin.local correctly at startup Mon Feb 28 2000 Nalin Dahyabhai - pass absolute path to kadm5.keytab if/when extracting keys at startup Sat Feb 19 2000 Nalin Dahyabhai - fix info page insertions Wed Feb 09 2000 Nalin Dahyabhai - tweak server init script to automatically extract kadm5 keys if /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet - adjust package descriptions Thu Feb 03 2000 Nalin Dahyabhai - fix for potentially gzipped man pages Fri Jan 21 2000 Nalin Dahyabhai - fix comments in krb5-configs Fri Jan 07 2000 Nalin Dahyabhai - move /usr/kerberos/bin to end of PATH Tue Dec 28 1999 Nalin Dahyabhai - install kadmin header files Tue Dec 21 1999 Nalin Dahyabhai - patch around TIOCGTLC defined on alpha and remove warnings from libpty.h - add installation of info docs - remove krb4 compat patch because it doesn't fix workstation-side servers Mon Dec 20 1999 Nalin Dahyabhai - remove hesiod dependency at build-time Sun Dec 19 1999 Nalin Dahyabhai - rebuild on 1.1.1 Thu Oct 07 1999 Nalin Dahyabhai - clean up init script for server, verify that it works [jlkatz] - clean up rotation script so that rc likes it better - add clean stanza Mon Oct 04 1999 Nalin Dahyabhai - backed out ncurses and makeshlib patches - update for krb5-1.1 - add KDC rotation to rc.boot, based on ideas from Michael's C version Sun Sep 26 1999 Nalin Dahyabhai - added -lncurses to telnet and telnetd makefiles Mon Jul 05 1999 Nalin Dahyabhai - added krb5.csh and krb5.sh to /etc/profile.d Tue Jun 22 1999 Nalin Dahyabhai - broke out configuration files Mon Jun 14 1999 Nalin Dahyabhai - fixed server package so that it works now Sat May 15 1999 Nalin Dahyabhai - started changelog - updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6 - added --force to makeinfo commands to skip errors during build --- .cvsignore | 1 + eklogin.xinetd | 13 + gssftp.xinetd | 14 + kadm5.acl | 1 + kadmind.init | 79 +++++ kdc.conf | 10 + kdcrotate | 45 +++ klogin.xinetd | 13 + kpropd.init | 71 +++++ krb5-1.2.1-passive.patch | 29 ++ krb5-telnet.xinetd | 13 + krb5.conf | 31 ++ krb5.csh | 8 + krb5.sh | 8 + krb5.spec | 603 +++++++++++++++++++++++++++++++++++++++ krb524d.init | 69 +++++ krb5kdc.init | 69 +++++ krlogin | 1 + krsh | 1 + kshell.xinetd | 13 + sources | 1 + 21 files changed, 1093 insertions(+) create mode 100644 eklogin.xinetd create mode 100644 gssftp.xinetd create mode 100644 kadm5.acl create mode 100755 kadmind.init create mode 100644 kdc.conf create mode 100644 kdcrotate create mode 100644 klogin.xinetd create mode 100755 kpropd.init create mode 100644 krb5-1.2.1-passive.patch create mode 100644 krb5-telnet.xinetd create mode 100644 krb5.conf create mode 100755 krb5.csh create mode 100755 krb5.sh create mode 100644 krb5.spec create mode 100755 krb524d.init create mode 100755 krb5kdc.init create mode 100644 krlogin create mode 100644 krsh create mode 100644 kshell.xinetd diff --git a/.cvsignore b/.cvsignore index e69de29..b55ff38 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +krb5-1.2.1.tar diff --git a/eklogin.xinetd b/eklogin.xinetd new file mode 100644 index 0000000..d05b161 --- /dev/null +++ b/eklogin.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The encrypting kerberized rlogin server accepts rlogin sessions \ +# authenticated and encrypted with Kerberos 5. +service eklogin +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/klogind + server_args = -e -5 + disable = yes +} diff --git a/gssftp.xinetd b/gssftp.xinetd new file mode 100644 index 0000000..3f9f73e --- /dev/null +++ b/gssftp.xinetd @@ -0,0 +1,14 @@ +# default: off +# description: The kerberized FTP server accepts FTP connections \ +# that can be authenticated with Kerberos 5. +service ftp +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/ftpd + server_args = -l -a + log_on_failure += USERID + disable = yes +} diff --git a/kadm5.acl b/kadm5.acl new file mode 100644 index 0000000..dc93eb0 --- /dev/null +++ b/kadm5.acl @@ -0,0 +1 @@ +*/admin@EXAMPLE.COM * diff --git a/kadmind.init b/kadmind.init new file mode 100755 index 0000000..dc826cd --- /dev/null +++ b/kadmind.init @@ -0,0 +1,79 @@ +#!/bin/sh +# +# kadmind Start and stop the Kerberos 5 administrative server. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the Kerberos 5 administrative \ +# server, which should only be run on the master server for a \ +# realm. +# processname: kadmind +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then + exit 0 + else + if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then + echo "Extracting kadm5 Service Keys" + /usr/kerberos/sbin/kadmin.local -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw" && success || fail + echo + fi + fi + echo -n "Starting Kerberos 5 Admin Server" + daemon /usr/kerberos/sbin/kadmind + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin +} +stop() { + echo -n "Stopping Kerberos 5 Admin Server" + killproc kadmind + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kadmin +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status kadmind + ;; + condrestart) + if [ -f /var/lock/subsys/kadmin ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|condrestart|restart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/kdc.conf b/kdc.conf new file mode 100644 index 0000000..07adeb6 --- /dev/null +++ b/kdc.conf @@ -0,0 +1,10 @@ +[kdcdefaults] + acl_file = /var/kerberos/krb5kdc/kadm5.acl + dict_file = /usr/dict/words + admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab + +[realms] + EXAMPLE.COM = { + master_key_type = des-cbc-crc + supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3 + } diff --git a/kdcrotate b/kdcrotate new file mode 100644 index 0000000..35bd894 --- /dev/null +++ b/kdcrotate @@ -0,0 +1,45 @@ +#!/bin/sh +# +# kdcrotate This shell script rotates the list of KDCs in /etc/krb5.conf +# +# Author: Based on SysV Init in RHS Linux by Damien Neil +# Written by Nalin Dahyabhai +# +# chkconfig: 345 99 01 +# +# description: Rotate the list of KDCs listed in /etc/krb5.conf +# + +PATH=/sbin:$PATH + +# Only run in runlevels where we're 'enabled', which should only be 345. +if [ "$1" != "start" ] ; then + exit 0 +fi + +# source function library +. /etc/rc.d/init.d/functions + +action "Rotating KDC list" "awk ' /^[[:space:]]*kdc[[:space:]]*=/ { \\ + if(length(firstkdc) == 0) { \\ + firstkdc = \$0; \\ + } else { \\ + if(length(kdclist) > 0) { \\ + kdclist = kdclist ORS; \\ + } \\ + kdclist = kdclist \$0; \\ + } \\ + next; \\ + } \\ + { \\ + if(length(kdclist) > 0) { \\ + NEWCONFIG = NEWCONFIG kdclist ORS; \\ + } \\ + if(length(firstkdc) > 0) { \\ + NEWCONFIG = NEWCONFIG firstkdc ORS; \\ + } \\ + firstkdc = \"\"; \\ + kdclist = \"\"; \\ + NEWCONFIG = NEWCONFIG \$0 ORS; \\ + } \\ + END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf" diff --git a/klogin.xinetd b/klogin.xinetd new file mode 100644 index 0000000..aa229a4 --- /dev/null +++ b/klogin.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized rlogin server accepts BSD-style rlogin sessions, \ +# but uses Kerberos 5 authentication. +service klogin +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/klogind + server_args = -5 + disable = yes +} diff --git a/kpropd.init b/kpropd.init new file mode 100755 index 0000000..185996a --- /dev/null +++ b/kpropd.init @@ -0,0 +1,71 @@ +#!/bin/sh +# +# kpropd.init Start and stop the Kerberos 5 propagation client. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the service that allows this \ +# KDC to receive updates from your master KDC. +# processname: kpropd +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + if [ ! -f /var/kerberos/krb5kdc/kpropd.acl ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5 Propagation Server:" + daemon /usr/kerberos/sbin/kpropd -S + RETVAL=$? + [ $RETVAL = 0 ] && touch /var/lock/subsys/kprop +} +stop() { + echo -n "Stopping Kerberos 5 Propagation Server:" + killproc kpropd + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kprop +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status kpropd + ;; + condrestart) + if [ -f /var/lock/subsys/kprop ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/krb5-1.2.1-passive.patch b/krb5-1.2.1-passive.patch new file mode 100644 index 0000000..e5cc528 --- /dev/null +++ b/krb5-1.2.1-passive.patch @@ -0,0 +1,29 @@ +--- krb5-1.2.1/src/appl/gssftp/ftp/main.c.passive Thu Jun 29 22:27:07 2000 ++++ krb5-1.2.1/src/appl/gssftp/ftp/main.c Wed Aug 16 13:15:08 2000 +@@ -178,7 +178,7 @@ + cpend = 0; /* no pending replies */ + proxy = 0; /* proxy not active */ + #ifndef NO_PASSIVE_MODE +- passivemode = 0; /* passive mode not active */ ++ passivemode = 1; /* passive mode active by default */ + #endif + crflag = 1; /* strip c.r. on ascii gets */ + sendport = -1; /* not using ports */ +--- krb5-1.2.1/src/appl/gssftp/ftp/ftp.M.passive Wed Aug 16 13:15:26 2000 ++++ krb5-1.2.1/src/appl/gssftp/ftp/ftp.M Wed Aug 16 13:17:19 2000 +@@ -619,10 +619,11 @@ + will forward a copy of the user's Kerberos tickets to the remote host. + .TP + .B passive +-Toggle passive data transfer mode. In passive mode, the client initiates +-the data connection by listening on the data port. Passive mode may +-be necessary for operation from behind firewalls which do not permit +-incoming connections. ++Toggle passive data transfer mode off. In passive mode, the client initiates ++the data connection by connecting to the data port. Passive mode is ++often necessary for operation from behind firewalls which do not permit ++incoming connections, but may need to be disabled if you connect to an ++FTP server which does not support passive operation. + .TP + .B private + Set the protection level on data transfers to ``private''. Data diff --git a/krb5-telnet.xinetd b/krb5-telnet.xinetd new file mode 100644 index 0000000..341ef3a --- /dev/null +++ b/krb5-telnet.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized telnet server accepts normal telnet sessions, \ +# but can also use Kerberos 5 authentication. +service telnet +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/telnetd + log_on_failure += USERID + disable = yes +} diff --git a/krb5.conf b/krb5.conf new file mode 100644 index 0000000..caf341d --- /dev/null +++ b/krb5.conf @@ -0,0 +1,31 @@ +[logging] + default = FILE:/var/log/krb5libs.log + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log + +[libdefaults] + ticket_lifetime = 24000 + default_realm = EXAMPLE.COM + dns_lookup_realm = false + dns_lookup_kdc = false + +[realms] + EXAMPLE.COM = { + kdc = kerberos.example.com:88 + admin_server = kerberos.example.com:749 + default_domain = example.com + } + +[domain_realm] + .example.com = EXAMPLE.COM + example.com = EXAMPLE.COM + +[kdc] + profile = /var/kerberos/krb5kdc/kdc.conf + +[pam] + debug = false + ticket_lifetime = 36000 + renew_lifetime = 36000 + forwardable = true + krb4_convert = false diff --git a/krb5.csh b/krb5.csh new file mode 100755 index 0000000..04ef510 --- /dev/null +++ b/krb5.csh @@ -0,0 +1,8 @@ +if ( /usr/kerberos/bin !~ "${path}" ) then + set path = ( /usr/kerberos/bin $path ) +endif +if ( /usr/kerberos/sbin !~ "${path}" ) then + if ( `id -u` == 0 ) then + set path = ( /usr/kerberos/sbin $path ) + endif +endif diff --git a/krb5.sh b/krb5.sh new file mode 100755 index 0000000..eb94fd9 --- /dev/null +++ b/krb5.sh @@ -0,0 +1,8 @@ +if ! echo ${PATH} | grep -q /usr/kerberos/bin ; then + PATH=/usr/kerberos/bin:${PATH} +fi +if ! echo ${PATH} | grep -q /usr/kerberos/sbin ; then + if [ `id -u` = 0 ] ; then + PATH=/usr/kerberos/sbin:${PATH} + fi +fi diff --git a/krb5.spec b/krb5.spec new file mode 100644 index 0000000..785adb1 --- /dev/null +++ b/krb5.spec @@ -0,0 +1,603 @@ +%define prefix %{_prefix}/kerberos + +Summary: The Kerberos network authentication system. +Name: krb5 +Version: 1.2.1 +Release: 8 +Source0: krb5-%{version}.tar +Source1: kpropd.init +Source2: krb524d.init +Source3: kadmind.init +Source4: krb5kdc.init +Source5: krb5.conf +Source6: krb5.sh +Source7: krb5.csh +Source8: kdcrotate +Source9: kdc.conf +Source10: kadm5.acl +Source11: krsh +Source12: krlogin +Source13: eklogin.xinetd +Source14: klogin.xinetd +Source15: kshell.xinetd +Source16: krb5-telnet.xinetd +Source17: gssftp.xinetd +Source18: krb5server.init +Patch0: krb5-1.1-db.patch +Patch1: krb5-1.1.1-tiocgltc.patch +Patch2: krb5-1.1.1-libpty.patch +Patch3: krb5-1.1.1-fixinfo.patch +Patch4: krb5-1.1.1-manpages.patch +Patch5: krb5-1.1.1-netkitr.patch +Patch6: krb5-1.2-rlogind.patch +Patch7: krb5-1.2-ksu.patch +Patch8: krb5-1.2-ksu.options.patch +Patch9: krb5-1.2-ksu.man.patch +Patch10: krb5-1.2-quiet.patch +Patch11: krb5-1.1.1-brokenrev.patch +Patch12: krb5-1.2-spelling.patch +Patch13: krb5-1.2.1-term.patch +Patch14: krb5-1.2.1-passive.patch +Copyright: MIT, freely distributable. +URL: http://web.mit.edu/kerberos/www/ +Group: System Environment/Libraries +BuildRoot: %{_tmppath}/%{name}-root +Prereq: grep, info, sh-utils, /sbin/install-info +BuildPrereq: e2fsprogs-devel, gzip, rsh, tcl, texinfo, tar + +%description +Kerberos V5 is a trusted-third-party network authentication system, +which can improve your network's security by eliminating the insecure +practice of cleartext passwords. + +%package devel +Summary: Development files needed for compiling Kerberos 5 programs. +Group: Development/Libraries +Requires: %{name}-libs = %{version} + +%description devel +Kerberos is a network authentication system. The krb5-devel package +contains the header files and libraries needed for compiling Kerberos +5 programs. If you want to develop Kerberos-aware programs, you'll +need to install this package. + +%package libs +Summary: The shared libraries used by Kerberos 5. +Group: System Environment/Libraries +Prereq: grep, /sbin/ldconfig, sh-utils + +%description libs +Kerberos is a network authentication system. The krb5-libs package +contains the shared libraries needed by Kerberos 5. If you're using +Kerberos, you'll need to install this package. + +%package server +Group: System Environment/Daemons +Summary: The server programs for Kerberos 5. +Requires: %{name}-libs = %{version}, %{name}-workstation = %{version} +Prereq: grep, /sbin/install-info, /bin/sh, sh-utils, /etc/init.d + +%description server +Kerberos is a network authentication system. The krb5-server package +contains the programs that must be installed on a Kerberos 5 server. +If you're installing a Kerberos 5 server, you need to install this +package (in other words, most people should NOT install this +package). + +%package workstation +Summary: Kerberos 5 programs for use on workstations. +Group: System Environment/Base +Requires: %{name}-libs = %{version} +Prereq: grep, /sbin/install-info, /bin/sh, sh-utils + +%description workstation +Kerberos is a network authentication system. The krb5-workstation +package contains the basic Kerberos programs (kinit, klist, kdestroy, +kpasswd) as well as kerberized versions of Telnet and FTP. If your +network uses Kerberos, this package should be installed on every +workstation. + +%changelog +* Wed Aug 16 2000 Nalin Dahyabhai +- fix summaries and descriptions +- switched the default transfer protocol from PORT to PASV as proposed on + bugzilla (#16134), and to match the regular ftp package's behavior + +* Wed Jul 19 2000 Jeff Johnson +- rebuild to compress man pages. + +* Sat Jul 15 2000 Bill Nottingham +- move initscript back + +* Fri Jul 14 2000 Nalin Dahyabhai +- disable servers by default to keep linuxconf from thinking they need to be + started when they don't + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Mon Jul 10 2000 Nalin Dahyabhai +- change cleanup code in post to not tickle chkconfig +- add grep as a Prereq: for -libs + +* Thu Jul 6 2000 Nalin Dahyabhai +- move condrestarts to postun +- make xinetd configs noreplace +- add descriptions to xinetd configs +- add /etc/init.d as a prereq for the -server package +- patch to properly truncate $TERM in krlogind + +* Fri Jun 30 2000 Nalin Dahyabhai +- update to 1.2.1 +- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update +- start using the official source tarball instead of its contents + +* Thu Jun 29 2000 Nalin Dahyabhai +- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind +- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not + compatible with other stuff in 6.2, so no need) + +* Wed Jun 28 2000 Nalin Dahyabhai +- tweak graceful start/stop logic in post and preun + +* Mon Jun 26 2000 Nalin Dahyabhai +- update to the 1.2 release +- ditch a lot of our patches which went upstream +- enable use of DNS to look up things at build-time +- disable use of DNS to look up things at run-time in default krb5.conf +- change ownership of the convert-config-files script to root.root +- compress PS docs +- fix some typos in the kinit man page +- run condrestart in server post, and shut down in preun + +* Mon Jun 19 2000 Nalin Dahyabhai +- only remove old krb5server init script links if the init script is there + +* Sat Jun 17 2000 Nalin Dahyabhai +- disable kshell and eklogin by default + +* Thu Jun 15 2000 Nalin Dahyabhai +- patch mkdir/rmdir problem in ftpcmd.y +- add condrestart option to init script +- split the server init script into three pieces and add one for kpropd + +* Wed Jun 14 2000 Nalin Dahyabhai +- make sure workstation servers are all disabled by default +- clean up krb5server init script + +* Fri Jun 9 2000 Nalin Dahyabhai +- apply second set of buffer overflow fixes from Tom Yu +- fix from Dirk Husung for a bug in buffer cleanups in the test suite +- work around possibly broken rev binary in running test suite +- move default realm configs from /var/kerberos to %{_var}/kerberos + +* Tue Jun 6 2000 Nalin Dahyabhai +- make ksu and v4rcp owned by root + +* Sat Jun 3 2000 Nalin Dahyabhai +- use %%{_infodir} to better comply with FHS +- move .so files to -devel subpackage +- tweak xinetd config files (bugs #11833, #11835, #11836, #11840) +- fix package descriptions again + +* Wed May 24 2000 Nalin Dahyabhai +- change a LINE_MAX to 1024, fix from Ken Raeburn +- add fix for login vulnerability in case anyone rebuilds without krb4 compat +- add tweaks for byte-swapping macros in krb.h, also from Ken +- add xinetd config files +- make rsh and rlogin quieter +- build with debug to fix credential forwarding +- add rsh as a build-time req because the configure scripts look for it to + determine paths + +* Wed May 17 2000 Nalin Dahyabhai +- fix config_subpackage logic + +* Tue May 16 2000 Nalin Dahyabhai +- remove setuid bit on v4rcp and ksu +- apply patches from Jeffrey Schiller to fix overruns Chris Evans found +- reintroduce configs subpackage for use in the errata +- add PreReq: sh-utils + +* Mon May 15 2000 Nalin Dahyabhai +- fix double-free in the kdc (patch merged into MIT tree) +- include convert-config-files script as a documentation file + +* Wed May 03 2000 Nalin Dahyabhai +- patch ksu man page because the -C option never works +- add access() checks and disable debug mode in ksu +- modify default ksu build arguments to specify more directories in CMD_PATH + and to use getusershell() + +* Wed May 03 2000 Bill Nottingham +- fix configure stuff for ia64 + +* Mon Apr 10 2000 Nalin Dahyabhai +- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653) +- change Requires: for/in subpackages to include %{version} + +* Wed Apr 05 2000 Nalin Dahyabhai +- add man pages for kerberos(1), kvno(1), .k5login(5) +- add kvno to -workstation + +* Mon Apr 03 2000 Nalin Dahyabhai +- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as + a %%config file anyway. +- Make krb5.conf a noreplace config file. + +* Thu Mar 30 2000 Nalin Dahyabhai +- Make klogind pass a clean environment to children, like NetKit's rlogind does. + +* Wed Mar 08 2000 Nalin Dahyabhai +- Don't enable the server by default. +- Compress info pages. +- Add defaults for the PAM module to krb5.conf + +* Mon Mar 06 2000 Nalin Dahyabhai +- Correct copyright: it's exportable now, provided the proper paperwork is + filed with the government. + +* Fri Mar 03 2000 Nalin Dahyabhai +- apply Mike Friedman's patch to fix format string problems +- don't strip off argv[0] when invoking regular rsh/rlogin + +* Thu Mar 02 2000 Nalin Dahyabhai +- run kadmin.local correctly at startup + +* Mon Feb 28 2000 Nalin Dahyabhai +- pass absolute path to kadm5.keytab if/when extracting keys at startup + +* Sat Feb 19 2000 Nalin Dahyabhai +- fix info page insertions + +* Wed Feb 9 2000 Nalin Dahyabhai +- tweak server init script to automatically extract kadm5 keys if + /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet +- adjust package descriptions + +* Thu Feb 3 2000 Nalin Dahyabhai +- fix for potentially gzipped man pages + +* Fri Jan 21 2000 Nalin Dahyabhai +- fix comments in krb5-configs + +* Fri Jan 7 2000 Nalin Dahyabhai +- move /usr/kerberos/bin to end of PATH + +* Tue Dec 28 1999 Nalin Dahyabhai +- install kadmin header files + +* Tue Dec 21 1999 Nalin Dahyabhai +- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h +- add installation of info docs +- remove krb4 compat patch because it doesn't fix workstation-side servers + +* Mon Dec 20 1999 Nalin Dahyabhai +- remove hesiod dependency at build-time + +* Sun Dec 19 1999 Nalin Dahyabhai +- rebuild on 1.1.1 + +* Thu Oct 7 1999 Nalin Dahyabhai +- clean up init script for server, verify that it works [jlkatz] +- clean up rotation script so that rc likes it better +- add clean stanza + +* Mon Oct 4 1999 Nalin Dahyabhai +- backed out ncurses and makeshlib patches +- update for krb5-1.1 +- add KDC rotation to rc.boot, based on ideas from Michael's C version + +* Mon Sep 26 1999 Nalin Dahyabhai +- added -lncurses to telnet and telnetd makefiles + +* Mon Jul 5 1999 Nalin Dahyabhai +- added krb5.csh and krb5.sh to /etc/profile.d + +* Mon Jun 22 1999 Nalin Dahyabhai +- broke out configuration files + +* Mon Jun 14 1999 Nalin Dahyabhai +- fixed server package so that it works now + +* Sat May 15 1999 Nalin Dahyabhai +- started changelog +- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6 +- added --force to makeinfo commands to skip errors during build + +%prep +%setup -q -c +gzip -dc krb5-%{version}.src.tar.gz | tar -xf - -C .. +gzip -dc krb5-%{version}.crypto.tar.gz | tar -xf - -C .. +gzip -dc krb5-%{version}.doc.tar.gz | tar -xf - -C .. +%patch0 -p0 -b .db +%patch1 -p0 -b .tciogltc +%patch2 -p0 -b .libpty +%patch3 -p0 -b .fixinfo +%patch4 -p0 -b .manpages +%patch5 -p0 -b .netkitr +%patch6 -p1 -b .rlogind +%patch7 -p1 -b .ksu +%patch8 -p1 -b .ksu-options +%patch9 -p1 -b .ksu-man +%patch10 -p1 -b .quiet +%patch11 -p1 -b .brokenrev +%patch12 -p1 -b .spelling +%patch13 -p1 -b .term +%patch14 -p1 -b .passive +find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";" +gzip doc/*.ps + +%build +cd src +libtoolize --copy --force +cp config.{guess,sub} config + +# Can't use %%configure because we don't use the default mandir. +LDCOMBINE_TAIL="-lc"; export LDCOMBINE_TAIL +./configure \ + --with-cc=%{__cc} --with-ccopts="-ggdb" \ + --enable-shared --enable-static \ + --prefix=%{prefix} \ + --infodir=%{_infodir} \ + --localstatedir=%{_var}/kerberos \ + --with-krb4 \ + --enable-dns --enable-dns-for-kdc --enable-dns-for-realm \ + --with-netlib=-lresolv \ + --with-tcl=%{_prefix} \ + %{_target_platform} +make + +# Run the test suite. +# make check TMPDIR=%{_tmppath} + +%install +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT + +# Our shell scripts. +mkdir -p $RPM_BUILD_ROOT%{prefix}/bin +install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{prefix}/bin/ + +# Extra headers. +mkdir -p $RPM_BUILD_ROOT%{prefix}/include +(cd src/include + find kadm5 krb5 gssrpc gssapi -name "*.h" | \ + cpio -pdm $RPM_BUILD_ROOT/%{prefix}/include ) +sed 's^k5-int^krb5/kdb^g' < $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h \ + > $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h2 &&\ +mv $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h2 \ + $RPM_BUILD_ROOT/%{prefix}/include/kadm5/admin.h +find $RPM_BUILD_ROOT/%{prefix}/include -type d | xargs chmod 755 +find $RPM_BUILD_ROOT/%{prefix}/include -type f | xargs chmod 644 + +# Info docs. +mkdir -p $RPM_BUILD_ROOT%{_infodir} +install -m 644 doc/*.info* $RPM_BUILD_ROOT%{_infodir}/ +gzip $RPM_BUILD_ROOT%{_infodir}/*.info* + +# KDC config files. +mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc +install -m 644 $RPM_SOURCE_DIR/kdc.conf $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ +install -m 644 $RPM_SOURCE_DIR/kadm5.acl $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ + +# Client config files and scripts. +mkdir -p $RPM_BUILD_ROOT/etc/profile.d +install -m 644 $RPM_SOURCE_DIR/krb5.conf $RPM_BUILD_ROOT/etc/krb5.conf +install -m 755 $RPM_SOURCE_DIR/krb5.{sh,csh} $RPM_BUILD_ROOT/etc/profile.d/ + +# KDC init script. +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m 755 $RPM_SOURCE_DIR/krb5kdc.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb5kdc +install -m 755 $RPM_SOURCE_DIR/kadmind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kadmin +install -m 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kprop +install -m 755 $RPM_SOURCE_DIR/krb524d.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb524 +install -m 755 $RPM_SOURCE_DIR/kdcrotate $RPM_BUILD_ROOT/etc/rc.d/init.d/ + +# The rest of the binaries and libraries and docs. +cd src +make prefix=$RPM_BUILD_ROOT%{prefix} \ + localstatedir=$RPM_BUILD_ROOT%{_var}/kerberos \ + infodir=$RPM_BUILD_ROOT%{_infodir} install + +# Fixup strange shared library permissions. +chmod 755 $RPM_BUILD_ROOT%{prefix}/lib/*.so* + +# Xinetd configuration files. +mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/ +for xinetd in eklogin klogin kshell krb5-telnet gssftp ; do + install -m 644 $RPM_SOURCE_DIR/${xinetd}.xinetd \ + $RPM_BUILD_ROOT/etc/xinetd.d/${xinetd} +done + +# Trim off useless info. +strip $RPM_BUILD_ROOT%{prefix}/bin/* $RPM_BUILD_ROOT%{prefix}/sbin/* || : +strip -g $RPM_BUILD_ROOT%{prefix}/lib/lib* || : + +%post libs +grep -q %{prefix}/lib /etc/ld.so.conf || echo %{prefix}/lib >> /etc/ld.so.conf +/sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%post server +# Remove the init script for older servers. +[ -x /etc/rc.d/init.d/krb5server ] && /sbin/chkconfig --del krb5server +# Install the new ones. +/sbin/chkconfig --add krb5kdc +/sbin/chkconfig --add kadmin +/sbin/chkconfig --add krb524 +/sbin/chkconfig --add kprop +# Install info pages. +/sbin/install-info %{_infodir}/krb425.info.gz %{_infodir}/dir +/sbin/install-info %{_infodir}/krb5-admin.info.gz %{_infodir}/dir +/sbin/install-info %{_infodir}/krb5-install.info.gz %{_infodir}/dir + +%preun server +if [ "$1" = "0" ] ; then + /sbin/chkconfig --del krb5kdc + /sbin/chkconfig --del kadmin + /sbin/chkconfig --del krb524 + /sbin/chkconfig --del kprop + /sbin/service krb5kdc stop > /dev/null 2>&1 || : + /sbin/service kadmin stop > /dev/null 2>&1 || : + /sbin/service krb524 stop > /dev/null 2>&1 || : + /sbin/service kprop stop > /dev/null 2>&1 || : + /sbin/install-info --delete %{_infodir}/krb425.info.gz %{_infodir}/dir + /sbin/install-info --delete %{_infodir}/krb5-admin.info.gz %{_infodir}/dir + /sbin/install-info --delete %{_infodir}/krb5-install.info.gz %{_infodir}/dir +fi + +%postun server +if [ "$1" -ge 1 ] ; then + /sbin/service krb5kdc condrestart > /dev/null 2>&1 || : + /sbin/service kadmin condrestart > /dev/null 2>&1 || : + /sbin/service krb524 condrestart > /dev/null 2>&1 || : + /sbin/service kprop condrestart > /dev/null 2>&1 || : +fi + +%post workstation +/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir +/sbin/service xinetd reload > /dev/null 2>&1 || : + +%preun workstation +if [ "$1" = "0" ] ; then + /sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir +fi + +%postun workstation +/sbin/service xinetd reload > /dev/null 2>&1 || : + +%files workstation +%defattr(-,root,root) + +%config /etc/profile.d/krb5.sh +%config /etc/profile.d/krb5.csh + +%config(noreplace) /etc/xinetd.d/* + +%doc doc/user*.html doc/user*.ps.gz src/config-files/services.append +%attr(0755,root,root) %doc src/config-files/convert-config-files +%{_infodir}/krb5-user.info* +%{prefix}/bin/ftp +%{prefix}/man/man1/ftp.1* +%{prefix}/bin/gss-client +%{prefix}/bin/kdestroy +%{prefix}/man/man1/kdestroy.1* +%{prefix}/man/man1/kerberos.1* +%{prefix}/bin/kinit +%{prefix}/man/man1/kinit.1* +%{prefix}/bin/klist +%{prefix}/man/man1/klist.1* +%{prefix}/bin/kpasswd +%{prefix}/man/man1/kpasswd.1* +%{prefix}/bin/krb524init +%{prefix}/sbin/kadmin +%{prefix}/man/man8/kadmin.8* +%{prefix}/sbin/ktutil +%{prefix}/man/man8/ktutil.8* +%attr(0755,root,root) %{prefix}/bin/ksu +%{prefix}/man/man1/ksu.1* +%{prefix}/bin/kvno +%{prefix}/man/man1/kvno.1* +%{prefix}/bin/rcp +%{prefix}/man/man1/rcp.1* +%{prefix}/bin/krlogin +%{prefix}/bin/rlogin +%{prefix}/man/man1/rlogin.1* +%{prefix}/bin/krsh +%{prefix}/bin/rsh +%{prefix}/man/man1/rsh.1* +%{prefix}/bin/telnet +%{prefix}/man/man1/telnet.1* +%{prefix}/man/man1/tmac.doc* +%attr(0755,root,root) %{prefix}/bin/v4rcp +%{prefix}/man/man1/v4rcp.1* +%{prefix}/bin/v5passwd +%{prefix}/man/man1/v5passwd.1* +%{prefix}/bin/sim_client +%{prefix}/bin/uuclient +%{prefix}/sbin/login.krb5 +%{prefix}/man/man8/login.krb5.8* +%{prefix}/sbin/ftpd +%{prefix}/man/man8/ftpd.8* +%{prefix}/sbin/gss-server +%{prefix}/sbin/klogind +%{prefix}/man/man8/klogind.8* +%{prefix}/sbin/kshd +%{prefix}/man/man8/kshd.8* +%{prefix}/sbin/telnetd +%{prefix}/man/man8/telnetd.8* +%{prefix}/sbin/uuserver +%{prefix}/man/man5/.k5login.5* +%{prefix}/man/man5/krb5.conf.5* + +%files server +%defattr(-,root,root) + +%config /etc/rc.d/init.d/krb5kdc +%config /etc/rc.d/init.d/kadmin +%config /etc/rc.d/init.d/krb524 +%config /etc/rc.d/init.d/kprop + +%doc doc/admin*.ps.gz doc/admin*.html +%doc doc/krb425*.ps.gz doc/krb425*.html +%doc doc/install*.ps.gz doc/install*.html + +%{_infodir}/krb5-admin.info* +%{_infodir}/krb5-install.info* +%{_infodir}/krb425.info* + +%dir %{_var}/kerberos/krb5kdc +%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf +%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl + +%{prefix}/man/man5/kdc.conf.5* +%{prefix}/sbin/kadmin.local +%{prefix}/man/man8/kadmin.local.8* +%{prefix}/sbin/kadmind +%{prefix}/man/man8/kadmind.8* +%{prefix}/sbin/kadmind4 +%{prefix}/sbin/kdb5_util +%{prefix}/man/man8/kdb5_util.8* +%{prefix}/sbin/kprop +%{prefix}/man/man8/kprop.8* +%{prefix}/sbin/kpropd +%{prefix}/man/man8/kpropd.8* +%{prefix}/sbin/krb5-send-pr +%{prefix}/man/man1/krb5-send-pr.1* +%{prefix}/sbin/krb524d +%{prefix}/sbin/krb5kdc +%{prefix}/man/man8/krb5kdc.8* +%{prefix}/sbin/sim_server +%{prefix}/sbin/v5passwdd +# This is here for people who want to test their server, and also +# included in devel package for similar reasons. +%{prefix}/bin/sclient +%{prefix}/man/man1/sclient.1* +%{prefix}/sbin/sserver +%{prefix}/man/man8/sserver.8* + +%files libs +%defattr(-,root,root) +%{prefix}/lib/lib*.so.*.* +%config /etc/rc.d/init.d/kdcrotate +%config(noreplace) /etc/krb5.conf + +%files devel +%defattr(-,root,root) +%doc doc/api +%doc doc/implement +%doc doc/kadm5 +%doc doc/kadmin +%doc doc/krb5-protocol +%doc doc/rpc +%{prefix}/include +%{prefix}/lib/lib*.a +%{prefix}/lib/lib*.so +%{prefix}/bin/sclient +%{prefix}/man/man1/sclient.1* +%{prefix}/sbin/sserver +%{prefix}/man/man8/sserver.8* + +%clean +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT diff --git a/krb524d.init b/krb524d.init new file mode 100755 index 0000000..985544b --- /dev/null +++ b/krb524d.init @@ -0,0 +1,69 @@ +#!/bin/sh +# +# krb524 Start and stop the krb524 service. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops krb524d, which converts \ +# Kerberos 5 credentials to Kerberos IV credentials. +# processname: krb524d +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/rc.d/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5-to-4 Server:" + daemon /usr/kerberos/sbin/krb524d -m + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/krb524 +} +stop() { + echo -n "Stopping Kerberos 5-to-4 Server:" + killproc krb524d + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb524 +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status krb524d + ;; + condrestart) + if [ -f /var/lock/subsys/krb524 ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/krb5kdc.init b/krb5kdc.init new file mode 100755 index 0000000..855c748 --- /dev/null +++ b/krb5kdc.init @@ -0,0 +1,69 @@ +#!/bin/sh +# +# krb5kdc Start and stop the Kerberos 5 servers. +# +# chkconfig: - 35 65 +# description: Kerberos 5 is a trusted third-party authentication system. \ +# This script starts and stops the server that Kerberos IV and 5 \ +# clients need to connect to in order to obtain credentials. +# processname: krb5kdc +# + +# Get config. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Source function library. +. /etc/rc.d/init.d/functions + +RETVAL=0 + +# Sheel functions to cut down on useless shell instances. +start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi + echo -n "Starting Kerberos 5 KDC:" + daemon /usr/kerberos/sbin/krb5kdc + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc +} +stop() { + echo -n "Stopping Kerberos 5 KDC:" + killproc krb5kdc + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb5kdc +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status krb5kdc + ;; + condrestart) + if [ -f /var/lock/subsys/krb5kdc ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 {start|stop|status|restart|condrestart}" + RETVAL=1 + ;; +esac + +exit $RETVAL diff --git a/krlogin b/krlogin new file mode 100644 index 0000000..9822523 --- /dev/null +++ b/krlogin @@ -0,0 +1 @@ +/usr/kerberos/bin/rlogin -x $* diff --git a/krsh b/krsh new file mode 100644 index 0000000..9b4b6dc --- /dev/null +++ b/krsh @@ -0,0 +1 @@ +/usr/kerberos/bin/rsh -x $* diff --git a/kshell.xinetd b/kshell.xinetd new file mode 100644 index 0000000..95bd598 --- /dev/null +++ b/kshell.xinetd @@ -0,0 +1,13 @@ +# default: off +# description: The kerberized rshell server accepts rshell commands \ +# authenticated and encrypted with Kerberos 5. +service kshell +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /usr/kerberos/sbin/kshd + server_args = -e -5 + disable = yes +} diff --git a/sources b/sources index e69de29..efdc7b4 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +a20d10cd42e0fdd0a3c825e0a1e2e08a krb5-1.2.1.tar