# Provides: heimdal-kdc
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Short-Description: Start KDC server
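# Installation layout: binaries and daemons live under /opt/heimdal, the
# configuration under /etc/opt/heimdal.
BIN_DIRECTORY=/opt/heimdal/bin
SBIN_DIRECTORY=/opt/heimdal/sbin
DAEMON_DIRECTORY=/opt/heimdal/libexec
CONFIG_DIRECTORY=/etc/opt/heimdal
# File that names the iprop master host; it is read further down to decide
# whether this host runs ipropd-master or ipropd-slave.
MASTER_FILE=$CONFIG_DIRECTORY/master

# PATH is overwritten rather than extended: commands invoked by bare name
# (kadmin, awk, start-stop-daemon, ...) are looked up in the Heimdal
# directories first and never in whatever PATH the caller had.
PATH=$SBIN_DIRECTORY:$BIN_DIRECTORY:/sbin:/bin:/usr/sbin:/usr/bin
KDC_DAEMON=$DAEMON_DIRECTORY/kdc
# NOTE(review): the pidfile paths used when starting and stopping the KDC
# reference $KDC_NAME, but no assignment to KDC_NAME is visible in this
# listing -- confirm it is set, otherwise the pidfile becomes /var/run/.pid.
KDC_DESC="Heimdal KDC"
KPASSWDD_DAEMON=$DAEMON_DIRECTORY/kpasswdd
KPASSWDD_NAME=kpasswdd
KPASSWDD_DESC="Heimdal password server"
IPROP_MASTER=$DAEMON_DIRECTORY/ipropd-master
IPROP_SLAVE=$DAEMON_DIRECTORY/ipropd-slave
MASTER_NAME=ipropd-master
SLAVE_NAME=ipropd-slave

# On the master, these are created via local kadmin or krb5_admin
# before the KDC starts. On slaves, these are created via krb5_admin
# against the running master, before the slave is ready to run!
#
# So if these are missing, whether we're master or slave, the KDC is
# not ready for prime-time. If these are present, odds are good we've
# a reasonable Kerberos database for our clients.
#
# Space-separated list of service names; each is checked as
# "<service>/<FQDN of this host>" before the KDC is allowed to start.
REQUIRED_SPRINCS="host iprop krb5_admin"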
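# Pull in local overrides. The file is executed by this shell with the
# init script's privileges, so anything that can write to it can run
# commands as that user: keep it owned by root and not group/world-writable.
if [ -f "/etc/default/heimdal" ]; then
  . /etc/default/heimdal
fi

# Exit with status 0, doing nothing, when either daemon binary is missing.
# The expansions are quoted because an empty value left unquoted turns the
# check into `test -f`, which is true, and the script would carry on.
test -f "$KDC_DAEMON" || exit 0
test -f "$KPASSWDD_DAEMON" || exit 0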
# Need the FQDN of this host to construct database readiness queries
# and to determine whether we're the master.
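# Body of the lookup_princ helper that the readiness loop calls; the line
# that opens the function is not visible in this listing.
#
# Asks the local database (kadmin -l) for the principal given as $1 and
# prints whatever kadmin lists, minus empty lines.
# NOTE(review): `-o principal=` looks like a column spec with an empty
# heading, so that only principal names are printed -- confirm in kadmin(1).
#
# stderr is discarded on purpose: a missing principal or an unreadable
# database simply produces no output, which the caller treats as "not ready".
# grep replaces the obsolescent egrep; the pattern needs no extended syntax.
kadmin -l list -s -o principal= "$1" 2>/dev/null |
  grep -v '^$'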
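# Test for the required service principals, allow for the possibility
# that "kadmin -l list" may change to append the default realm to terse
# output in the future.
#
# For every service in REQUIRED_SPRINCS the database must return exactly
# "<service>/<FQDN>" once any "@REALM" suffix is stripped. A failed lookup
# or a mismatch sets KDC_ENABLED to "no" and ends the loop, so the KDC is
# not started on a host whose database is not provisioned yet.
# NOTE(review): the initial value of KDC_ENABLED is not visible in this
# listing -- presumably "yes" is assigned just before the loop; confirm.
#
# $REQUIRED_SPRINCS is unquoted on purpose: it is a space-separated list.
for sprinc in $REQUIRED_SPRINCS; do
  kdcent=$(lookup_princ "$sprinc/$FQDN") &&
    [ "${kdcent%@*}" = "$sprinc/$FQDN" ] ||
    { KDC_ENABLED="no"; break; }
done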
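# Check to see whether we're the master.
#
# When $MASTER_FILE exists, its first line that is neither empty/whitespace
# nor starts with '#' becomes MFQDN. The line is taken whole: a comment
# that is indented, or trailing blanks after the host name, end up in MFQDN.
# The value later selects the host an iprop slave replicates from, so the
# file should be writable by root only.
# NOTE(review): the brace that closes this group is not visible in the
# listing; it is left open here rather than guessed.
[ ! -f "$MASTER_FILE" ] || {
  MFQDN=$(awk '/^(#|[ \t]*$)/ {next}; {print; exit}' "$MASTER_FILE")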
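# Derive this host's iprop role from the configured master name:
#   MFQDN empty            -> run neither ipropd-master nor ipropd-slave
#   MFQDN equals uname -n  -> this host is the master
#   anything else          -> this host is a slave of $MFQDN
# NOTE(review): the comparison uses `uname -n`, which on many systems is
# the short host name, while the master file is described as holding an
# FQDN. If they differ, the real master classifies itself as a slave --
# confirm the node name is fully qualified on every KDC.
if [ -z "$MFQDN" ]; then
  MASTER_ENABLED=no
  SLAVE_ENABLED=no
elif [ "$MFQDN" = "$(uname -n)" ]; then
  MASTER_ENABLED=yes
  SLAVE_ENABLED=no
else
  MASTER_ENABLED=no
  SLAVE_ENABLED=yes
fi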
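# Only run kpasswdd on the master!
# Two separate tests joined by || replace the obsolescent `-o` operator,
# whose parsing is ambiguous for some operand values.
# NOTE(review): the body of this conditional is not visible in the listing.
if [ "$KDC_ENABLED" != "yes" ] || [ "$MASTER_ENABLED" != "yes" ]; then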
# commented out due to bug #574425.
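# Start the KDC only when the readiness checks left KDC_ENABLED at "yes".
if [ "$KDC_ENABLED" = "yes" ]; then
  echo -n "Starting $KDC_DESC: "
  # --background/--make-pidfile: start-stop-daemon forks the daemon and
  # writes the pidfile itself, so it cannot report a daemon that fails
  # right after launch; check the KDC log after a start.
  # The pidfile lives in /var/run, which must be writable by root only.
  # $KDC_PARAMS stays unquoted so that it splits into separate arguments.
  start-stop-daemon --start --quiet --background \
    --make-pidfile --pidfile "/var/run/$KDC_NAME.pid" \
    --exec "$KDC_DAEMON" -- $KDC_PARAMS
fi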
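# Start the password-change server when KPASSWDD_ENABLED is "yes".
if [ "$KPASSWDD_ENABLED" = "yes" ]; then
  echo -n "Starting $KPASSWDD_DESC: "
  # start-stop-daemon backgrounds the daemon and records its PID itself,
  # so a daemon that exits right after launch still prints as started.
  # $KPASSWDD_PARAMS stays unquoted so that it splits into arguments.
  start-stop-daemon --start --quiet --background \
    --make-pidfile --pidfile "/var/run/$KPASSWDD_NAME.pid" \
    --exec "$KPASSWDD_DAEMON" -- $KPASSWDD_PARAMS
  echo "$KPASSWDD_NAME."
fi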
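# Start ipropd-master when this host was identified as the iprop master.
if [ "$MASTER_ENABLED" = "yes" ]; then
  echo -n "Starting incremental propagation master: "
  # start-stop-daemon backgrounds the daemon and records its PID itself.
  # $MASTER_PARAMS stays unquoted so that it splits into arguments.
  start-stop-daemon --start --quiet --background \
    --make-pidfile --pidfile "/var/run/$MASTER_NAME.pid" \
    --exec "$IPROP_MASTER" -- $MASTER_PARAMS
fi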
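# Start ipropd-slave when this host was identified as an iprop slave.
if [ "$SLAVE_ENABLED" = "yes" ]; then
  echo -n "Starting incremental propagation slave: "
  # The last argument is the master's host name read from $MASTER_FILE:
  # the slave pulls its database from whatever host that file names.
  # $SLAVE_PARAMS stays unquoted so that it splits into arguments.
  start-stop-daemon --start --quiet --background \
    --make-pidfile --pidfile "/var/run/$SLAVE_NAME.pid" \
    --exec "$IPROP_SLAVE" -- $SLAVE_PARAMS "$MFQDN"
fi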
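# Stop kpasswdd if a pidfile from an earlier start exists.
if [ -f "/var/run/$KPASSWDD_NAME.pid" ]; then
  echo -n "Stopping $KPASSWDD_DESC: "
  # --pidfile and --exec are both matching conditions: the process is
  # signalled only if the recorded PID runs this executable, so a stale
  # pidfile cannot get an unrelated process killed. --oknodo makes
  # "nothing to stop" a success.
  start-stop-daemon --stop --oknodo --quiet \
    --pidfile "/var/run/$KPASSWDD_NAME.pid" \
    --exec "$KPASSWDD_DAEMON" -- $KPASSWDD_PARAMS
  echo "$KPASSWDD_NAME."
fi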
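# Stop the KDC if a pidfile from an earlier start exists.
if [ -f "/var/run/$KDC_NAME.pid" ]; then
  echo -n "Stopping $KDC_DESC: "
  # The process is signalled only if the PID in the pidfile runs
  # $KDC_DAEMON; --oknodo makes "nothing to stop" a success.
  start-stop-daemon --stop --oknodo --quiet \
    --pidfile "/var/run/$KDC_NAME.pid" \
    --exec "$KDC_DAEMON" -- $KDC_PARAMS
fi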
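# Stop ipropd-master if a pidfile from an earlier start exists.
if [ -f "/var/run/$MASTER_NAME.pid" ]; then
  echo -n "Stopping incremental propagation master: "
  # The process is signalled only if the PID in the pidfile runs
  # $IPROP_MASTER; --oknodo makes "nothing to stop" a success.
  start-stop-daemon --stop --oknodo --quiet \
    --pidfile "/var/run/$MASTER_NAME.pid" \
    --exec "$IPROP_MASTER" -- $MASTER_PARAMS
fi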
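# Stop ipropd-slave if a pidfile from an earlier start exists.
if [ -f "/var/run/$SLAVE_NAME.pid" ]; then
  echo -n "Stopping incremental propagation slave: "
  # The process is signalled only if the PID in the pidfile runs
  # $IPROP_SLAVE; --oknodo makes "nothing to stop" a success.
  start-stop-daemon --stop --oknodo --quiet \
    --pidfile "/var/run/$SLAVE_NAME.pid" \
    --exec "$IPROP_SLAVE" -- $SLAVE_PARAMS
  # NOTE(review): this message prints a /usr/sbin path although the daemon
  # is started from $DAEMON_DIRECTORY; the kpasswdd branch prints the bare
  # name. Left as is in case something matches on the output.
  echo "/usr/sbin/$SLAVE_NAME."
fi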
# If the daemon can reload its config files on the fly
# for example by sending it SIGHUP, do it here.
#
# If the daemon responds to changes in its config file
# directly anyway, make this a do-nothing entry.
#
# echo "Reloading $DESC configuration files."
# start-stop-daemon --stop --signal 1 --quiet --pidfile \
# /var/run/$NAME.pid --exec $DAEMON
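restart|force-reload)
  # If the "reload" option is implemented, move the "force-reload"
  # option to the "reload" entry above. If not, "force-reload" is
  # just the same as "restart".
  #
  # Restart is a plain stop followed by a start, run through the installed
  # script by absolute path.
  # NOTE(review): the path is hard-coded as /etc/init.d/heimdal while the
  # header says "Provides: heimdal-kdc" -- confirm the script is installed
  # under this name, otherwise restart runs a different file or none.
  /etc/init.d/heimdal stop
  /etc/init.d/heimdal start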
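# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
# Usage goes to stderr. No assignment to N is visible in this listing, so
# the script's own path ($0) is printed when N is unset or empty.
echo "Usage: ${N:-$0} {start|stop|restart|force-reload}" >&2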