Hi Russ,

> I don't have time just at the moment to check whether this change is easy
> to make or to work on a patch. If you have a moment to do that, it would
> be greatly appreciated. Otherwise, I'll try to take a look at this as
> soon as I have some more free time.

The attached patch is rather simple as it will only move the fork() lines. I don't think it might have any negative impacts and it's also tested on my home system for 14 days. Moving the random number reading would be much more difficult, as one would have to check all those initializations after krb5_c_random_os_entropy() in ovsec_kadmind.c.

Cheers,
Bernd

--
Bernd Schubert
PCI / Theoretische Chemie
Universität Heidelberg
INF 229
69120 Heidelberg

diff -ru krb5-1.4.3.orig/src/kadmin/server/ovsec_kadmd.c krb5-1.4.3-7/src/kadmin/server/ovsec_kadmd.c --- krb5-1.4.3.orig/src/kadmin/server/ovsec_kadmd.c 2004-09-21 20:20:16.000000000 +0200 +++ krb5-1.4.3-7/src/kadmin/server/ovsec_kadmd.c 2006-05-27 04:10:49.000000000 +0200 @@ -269,6 +269,18 @@ if (argc != 0) usage(); + if (!nofork && (ret = daemon(0, 0))) { + ret = errno; + krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret)); + fprintf(stderr, "%s: Cannot detach from tty: %s\n", + whoami, error_message(ret)); + svcauth_gssapi_unset_names(); + kadm5_destroy(global_server_handle); + krb5_klog_close(context); + exit(1); + } + + if ((ret = krb5_init_context(&context))) { fprintf(stderr, "%s: %s while initializing context, aborting\n", whoami, error_message(ret)); @@ -591,16 +603,6 @@ exit(1); } - if (!nofork && (ret = daemon(0, 0))) { - ret = errno; - krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret)); - fprintf(stderr, "%s: Cannot detach from tty: %s\n", - whoami, error_message(ret)); - svcauth_gssapi_unset_names(); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } setup_signal_handlers(); krb5_klog_syslog(LOG_INFO, "starting");
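Review bot: In the first hunk (@@ -269,6 +269,18 @@), the failure path of the relocated daemon() block calls krb5_klog_close(context) before the krb5_init_context(&context) call that follows it in the same hunk, so context is passed uninitialized if daemon() fails. The krb5_klog_syslog(), svcauth_gssapi_unset_names() and kadm5_destroy(global_server_handle) calls were written for the block's old position near line 591, after initialization, and should be rechecked for the same reason. At the new position I would reduce the failure path to the fprintf(stderr, ...) and exit(1). The hunk also leaves two consecutive blank lines before krb5_init_context(); one is enough.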
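Review bot: In the second hunk (@@ -591,16 +603,6 @@), removing the daemon() call from this position means every error path between line 269 and here, such as the exit(1) in the context lines just above the removed block, now runs after the process has detached. daemon(0, 0) redirects stderr to /dev/null and the parent has already exited with status 0, so diagnostics like the fprintf(stderr, "%s: %s while initializing context, aborting\n", ...) shown in the first hunk are discarded and a startup failure is no longer visible to whoever launched the daemon. Please either send these early failures to syslog as well, or note in the commit message and documentation that startup errors must be read from the log unless nofork is set.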