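etc/000075500000000000000000000000001232617762700116445ustar00rootroot00000000000000
etc/krb5.conf000064400000000000000000000001761232617762700133620ustar00rootroot00000000000000
# Client-side Kerberos library defaults. No realm or KDC is listed in this
# file, so both are discovered through DNS.
[libdefaults]
# KDC addresses are looked up in DNS.
dns_lookup_kdc = true
# NOTE(review): with dns_lookup_realm enabled the host-to-realm mapping also
# comes from DNS, so it is only as trustworthy as the resolver path. Confirm
# this is intended, or pin the mapping in [domain_realm].
dns_lookup_realm = true
# Bare numbers are seconds: 36000 s = 10 h.
ticket_lifetime = 36000
# Equal to ticket_lifetime, so renewal cannot extend a ticket past its
# initial lifetime.
renew_lifetime = 36000
# Tickets are requested forwardable by default, i.e. a service the user logs
# in to may obtain the user's TGT. NOTE(review): confirm this default is wanted.
forwardable = true
etc/rc.d/000075500000000000000000000000001232617762700124725ustar00rootroot00000000000000
etc/rc.d/init.d/000075500000000000000000000000001232617762700136575ustar00rootroot00000000000000
etc/rc.d/init.d/kadmin000075500000000000000000000042661232617762700150600ustar00rootroot00000000000000
#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig:   - 41 59
# description: Kerberos 5 is a trusted third-party authentication system. \
#              This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0
KADMIND_ARGS=

# Site overrides (KADMIND_ARGS). The file is sourced as root, so it must be
# writable by root only.
if [ -f /etc/sysconfig/kadmin ]; then
	. /etc/sysconfig/kadmin
fi

# Export the kadmin/admin and kadmin/changepw service keys into kadm5.keytab
# with kadmin.local. The keytab holds long-term service keys.
# NOTE(review): the backslash-escaped spaces in the query string presumably
# exist because action() re-evaluates its arguments; verify against
# /etc/init.d/functions before changing the quoting.
extract_keys()
{
	action $"Extracting kadm5 Service Keys: " \
		/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

# Start kadmind. Returns 0 without starting anything when networking is off,
# when no KDC database exists, or when kpropd.acl is present (the script
# treats that file as the marker of a replica KDC, where kadmind must not run).
start()
{
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/principal" ] || return 0
	[ ! -f "$KDC_PATH/kpropd.acl" ] || return 0
	[ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys
	# KADMIND_ARGS is deliberately unquoted: it is a list of options. Quoted,
	# it reached kadmind as one argument (an empty one when unset, a single
	# fused word when several options were configured).
	start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind $KADMIND_ARGS
	RETVAL=$?
	return $RETVAL
}

# Stop kadmind and release the subsystem lock file.
stop()
{
	stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
	RETVAL=$?
	return $RETVAL
}

# Full stop/start cycle; the return value is that of start().
restart()
{
	stop
	start
}

# Ask the running kadmind to reload by sending it SIGHUP.
reload()
{
	msg_reloading kadmind
	stop_daemon --expect-user root -HUP -- kadmind
	RETVAL=$?
	return $RETVAL
}

# See how we were called.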
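case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	# The cond* actions act only when the lock file shows the service was
	# started through this script.
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		status --expect-user root -- kadmind
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/kdcrotate000075500000000000000000000020741232617762700155700ustar00rootroot00000000000000
#!/bin/sh
#
# kdcrotate    This shell script rotates the list of KDCs in /etc/krb5.conf
#
# Author:      Based on SysV Init in RHS Linux by Damien Neil
#              Written by Nalin Dahyabhai
#
# chkconfig: 345 99 01
#
# description: Rotate the list of KDCs listed in /etc/krb5.conf
#
PATH=/sbin:$PATH

# Only run in runlevels where we're 'enabled', which should only be 345.
if [ "$1" != "start" ] ; then
	exit 0
fi

# source function library
. /etc/rc.d/init.d/functions

# For every run of consecutive "kdc = ..." lines the awk program moves the
# first entry to the end of the run; all other lines are copied unchanged.
# The whole result is buffered in NEWCONFIG and written back in END.
#
# NOTE(review): the output overwrites /etc/krb5.conf in place, as root, at
# every boot. The write is not atomic: an interrupted run or a full
# filesystem can leave a truncated krb5.conf, and the rewrite does not go
# through a temporary file that would keep the original mode and owner
# under control. A run of kdc lines that ends the file is never flushed and
# would be dropped. The krb5.conf shipped in this archive has no kdc lines,
# so here the rewrite changes nothing.
action "Rotating KDC list" "awk '
/^[[:space:]]*kdc[[:space:]]*=/ { \\
	if(length(firstkdc) == 0) { \\
		firstkdc = \$0; \\
	} else { \\
		if(length(kdclist) > 0) { \\
			kdclist = kdclist ORS; \\
		} \\
		kdclist = kdclist \$0; \\
	} \\
	next; \\
} \\
{ \\
	if(length(kdclist) > 0) { \\
		NEWCONFIG = NEWCONFIG kdclist ORS; \\
	} \\
	if(length(firstkdc) > 0) { \\
		NEWCONFIG = NEWCONFIG firstkdc ORS; \\
	} \\
	firstkdc = \"\"; \\
	kdclist = \"\"; \\
	NEWCONFIG = NEWCONFIG \$0 ORS; \\
} \\
END {printf \"%s\", NEWCONFIG > \"/etc/krb5.conf\"}' /etc/krb5.conf"
etc/rc.d/init.d/kprop000075500000000000000000000034601232617762700147430ustar00rootroot00000000000000
#!/bin/bash
#
# kpropd.init  Start and stop the Kerberos 5 propagation client.
#
# chkconfig:   - 41 59
# description: Kerberos 5 is a trusted third-party authentication system. \
#              This script starts and stops the service that allows this \
#              KDC to receive updates from your master KDC.
# processname: kpropd
#
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kprop
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0

# Shell functions to cut down on useless shell instances.

# Start kpropd in standalone mode (-S). Returns 0 without starting anything
# when networking is off or when kpropd.acl is absent; that ACL names the
# hosts allowed to push a database to this KDC.
# NOTE(review): start/stop omit --expect-user root while reload and status
# pass it; confirm whether the difference is intended.
start()
{
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/kpropd.acl" ] || return 0
	start_daemon --lockfile "$LOCKFILE" -- kpropd -S
	RETVAL=$?
	return $RETVAL
}

# Stop kpropd and release the subsystem lock file.
stop()
{
	stop_daemon --lockfile "$LOCKFILE" -- kpropd
	RETVAL=$?
	return $RETVAL
}

# Full stop/start cycle; the return value is that of start().
restart()
{
	stop
	start
}

# Send SIGHUP to the running kpropd.
reload()
{
	msg_reloading kpropd
	stop_daemon --expect-user root -HUP -- kpropd
	RETVAL=$?
	return $RETVAL
}

# See how we were called.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		status --expect-user root -- kpropd
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
etc/rc.d/init.d/krb5kdc000075500000000000000000000036201232617762700151330ustar00rootroot00000000000000
#!/bin/bash
#
# krb5kdc      Start and stop the Kerberos 5 servers.
#
# chkconfig:   345 41 60
# description: Kerberos 5 is a trusted third-party authentication system. \
#              This script starts and stops the server that Kerberos IV and 5 \
#              clients need to connect to in order to obtain credentials.
# processname: krb5kdc
#
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/krb5kdc
KDC_PATH=/var/lib/kerberos/krb5kdc/
RETVAL=0
KRB5KDC_ARGS=

# Site overrides (KRB5KDC_ARGS, optionally PIDFILE). The file is sourced as
# root, so it must be writable by root only.
if [ -f /etc/sysconfig/krb5kdc ]; then
	. /etc/sysconfig/krb5kdc
fi

# Start the KDC. Returns 0 without starting anything when networking is off
# or when no KDC database exists yet.
start()
{
	is_yes "$NETWORKING" || return 0
	[ -f "$KDC_PATH/principal" ] || return 0
	# KRB5KDC_ARGS is deliberately unquoted: it is a list of options. Quoted,
	# it reached krb5kdc as one argument (an empty one when unset).
	start_daemon --lockfile "$LOCKFILE" -- krb5kdc $KRB5KDC_ARGS
	RETVAL=$?
	return $RETVAL
}

# Stop the KDC and release the subsystem lock file.
stop()
{
	stop_daemon --lockfile "$LOCKFILE" -- krb5kdc
	RETVAL=$?
	return $RETVAL
}

# Full stop/start cycle; the return value is that of start().
restart()
{
	stop
	start
}

# Send SIGHUP to the running KDC.
reload()
{
	msg_reloading krb5kdc
	# PIDFILE is not set anywhere in this script, so --pidfile is passed only
	# when the environment or /etc/sysconfig/krb5kdc provides a value; the
	# original always passed it, with an empty path by default.
	stop_daemon ${PIDFILE:+--pidfile "$PIDFILE"} --expect-user root -HUP -- krb5kdc
	RETVAL=$?
	return $RETVAL
}

# See how we were called.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		if [ -e "$LOCKFILE" ]; then
			stop
		fi
		;;
	condrestart)
		if [ -e "$LOCKFILE" ]; then
			restart
		fi
		;;
	condreload)
		if [ -e "$LOCKFILE" ]; then
			reload
		fi
		;;
	status)
		# Same PIDFILE handling as in reload().
		status ${PIDFILE:+--pidfile "$PIDFILE"} --expect-user root -- krb5kdc
		RETVAL=$?
		;;
	*)
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
		RETVAL=1
esac

exit $RETVAL
etc/sysconfig/000075500000000000000000000000001232617762700136505ustar00rootroot00000000000000
etc/sysconfig/kadmin000064400000000000000000000000161232617762700150330ustar00rootroot00000000000000
# Extra command-line options for kadmind. Sourced by the kadmin init script
# and read through EnvironmentFile= by kadmin.service.
KADMIND_ARGS=
etc/sysconfig/krb5kdc000064400000000000000000000000161232617762700151150ustar00rootroot00000000000000
# Extra command-line options for krb5kdc. Sourced by the krb5kdc init script
# and read through EnvironmentFile= by krb5kdc.service.
KRB5KDC_ARGS=
lib/000075500000000000000000000000001232617762700116375ustar00rootroot00000000000000
lib/systemd/000075500000000000000000000000001232617762700133275ustar00rootroot00000000000000
lib/systemd/system/000075500000000000000000000000001232617762700146535ustar00rootroot00000000000000
lib/systemd/system/kadmin.service000064400000000000000000000006031232617762700174770ustar00rootroot00000000000000
[Unit]
Description=Kerberos 5 Password-changing and Administration
After=syslog.target network.target
# Do not start kadmind where kpropd.acl exists (a replica KDC). The path was
# /var/kerberos/krb5kdc/kpropd.acl, a directory this archive does not ship;
# the init scripts and kdc.conf use /var/lib/kerberos/krb5kdc, so the old
# condition could never block the start.
ConditionPathExists=!/var/lib/kerberos/krb5kdc/kpropd.acl

[Service]
Type=forking
PIDFile=/var/run/kadmind.pid
# Leading "-": a missing file is not an error.
EnvironmentFile=-/etc/sysconfig/kadmin
ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
lib/systemd/system/kprop.service000064400000000000000000000003361232617762700173720ustar00rootroot00000000000000
[Unit]
Description=Kerberos 5 Propagation
After=syslog.target network.target
# Start kpropd only where kpropd.acl exists. The path was
# /var/kerberos/krb5kdc/kpropd.acl; the init scripts and kdc.conf in this
# archive use /var/lib/kerberos/krb5kdc, so the unit was always skipped.
ConditionPathExists=/var/lib/kerberos/krb5kdc/kpropd.acl

[Service]
Type=forking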
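ExecStart=/usr/sbin/kpropd -S

[Install]
WantedBy=multi-user.target
lib/systemd/system/krb5kdc.service000064400000000000000000000004551232617762700175660ustar00rootroot00000000000000
[Unit]
Description=Kerberos 5 KDC
After=syslog.target network.target

[Service]
Type=forking
# Must match the path given to -P in ExecStart.
PIDFile=/var/run/krb5kdc.pid
# Leading "-": a missing file is not an error.
EnvironmentFile=-/etc/sysconfig/krb5kdc
ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
var/000075500000000000000000000000001232617762700116615ustar00rootroot00000000000000
var/lib/000075500000000000000000000000001232617762700124275ustar00rootroot00000000000000
var/lib/kerberos/000075500000000000000000000000001232617762700142435ustar00rootroot00000000000000
var/lib/kerberos/krb5kdc/000075500000000000000000000000001232617762700155705ustar00rootroot00000000000000
var/lib/kerberos/krb5kdc/kadm5.acl000064400000000000000000000000261232617762700172500ustar00rootroot00000000000000
# Grants every kadmin privilege ("*") to any principal with the "admin"
# instance in EXAMPLE.COM. EXAMPLE.COM is a placeholder: until it is replaced
# with the real realm this entry matches nobody, and afterwards every
# */admin principal is a full administrator. Narrow the privilege list for
# accounts that do not need all of it.
*/admin@EXAMPLE.COM	*
var/lib/kerberos/krb5kdc/kdc.conf000064400000000000000000000005121232617762700171760ustar00rootroot00000000000000
# KDC and kadmind configuration. Comment lines start in column 0.
[kdcdefaults]
# ACL file consulted by kadmind.
acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
# Word list for rejecting dictionary passwords.
# NOTE(review): presumably applied only to principals that have a password
# policy assigned; confirm policies are in place.
dict_file = /usr/share/dict/words
# Keytab with the kadmin service keys; it contains long-term keys and must
# be readable by root only.
admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab

[realms]
# EXAMPLE.COM is a placeholder realm name.
#
# Encryption types: this template previously set
#   master_key_type = des-cbc-crc
#   supported_enctypes = rc4-hmac:normal des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:afs3
# Single DES is breakable by exhaustive key search, and the master key
# protects every key in the database; RC4 and triple DES are legacy types.
# The values below apply to newly created realms and newly generated keys;
# an existing database keeps its current master key and principal keys until
# they are rolled over. Re-add a legacy enctype only for a named client that
# cannot use AES, and remove it again when that client is retired.
EXAMPLE.COM = {
 master_key_type = aes256-cts
 supported_enctypes = aes256-cts:normal aes128-cts:normal
}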