On Fri, 2010-06-18 at 01:54 +0200, Daniel Dehennin wrote:
> The idea is to configure the feature in nslcd.conf (through debconf),
> we must detect the configuration in the init-script to start the
> "ticket keeper" before nslcd starts.
>
> I put it in the init-script and not in /etc/default/nslcd to keep this
> one as simple variables assignment and to avoid errors: imagine
> someone who changes the KRB5_CCNAME in /etc/default/nslcd and does not
> update the /etc/nslcd.conf accordingly.

Thanks for your answer. I have reworked the init script a bit to be a
little simpler. I've also renamed the variables to prefix everything
related to k5start with K5START. Please check the attached files to see
if it is still working as expected.

I've also introduced a K5START_START flag that gets enabled when a
supported configuration is found. I think it is a little cleaner than
erroring out on unsupported configurations.

I'm not happy with the restart code yet (I think the log messages get
mixed up). Perhaps some improvements can be made there?

Also, I'm wondering about the K5START_CCNAME option. Shouldn't that be
K5START_CCFILE? If I understand correctly a CCNAME is something like
"FILE:/foo/bar" while the variable currently only holds the filename
part.

> I use the following configuration:
> use_sasl on
> sasl_mech GSSAPI
> krb5_ccname /tmp/nslcd.tkt

Is there any reasonable configuration where you have use_sasl set to on
but sasl_mech not set? In other words, do you think I should remove the
use_sasl option and just use SASL when sasl_mech is configured?

Anyway, thanks for your feedback.

--
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

# Defaults for nslcd init script

# Whether to start k5start (for obtaining and keeping a Kerberos ticket)
# By default k5start is started if nslcd.conf contains use_sasl,
# sasl_mech is set to GSSAPI and krb5_ccname is set to a file-type
# ticket cache. Set to "yes" to enable starting k5start.
#K5START_START="yes"

# Options for k5start.
#K5START_BIN=/usr/bin/k5start
#K5START_PIDFILE=/var/run/nslcd/k5start_nslcd.pid
#K5START_USER=nslcd
#K5START_GROUP=nslcd
#K5START_MODE=600
#K5START_KEYTAB=/etc/krb5.keytab
#K5START_CCREFRESH=60
#K5START_PRINCIPAL="host/$(hostname -f)"
#K5START_CCNAME=$(sed -n 's/^krb5_ccname *FILE:\([^: ]*\) *$/\1/ip' $NSLCD_CFG)

nslcd.init
Description: application/shellscript
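
The detection rule stated in the defaults file above (use_sasl on, sasl_mech GSSAPI, file-type krb5_ccname), written out as an added example; it is not the attached nslcd.init and not code from either poster. It goes slightly beyond the sed expression in the defaults file by also accepting a cache name without the FILE: prefix, as in the configuration quoted in the thread. The names k5start_ccfile and sample_conf, and accepting yes/true as well as on for use_sasl, are assumptions.

```shell
#!/bin/sh
# Added example (not the attached nslcd.init): decide from nslcd.conf whether
# a k5start "ticket keeper" is needed, and print the ticket cache file if so.

# k5start_ccfile CFG  (hypothetical helper name)
#   Prints the cache file path and returns 0 for a supported configuration;
#   prints nothing and returns 1 otherwise.
k5start_ccfile() {
  awk '
    # Option names are compared case-insensitively; comment lines never match.
    { key = tolower($1) }
    key == "use_sasl"    { sasl = tolower($2) }
    key == "sasl_mech"   { mech = toupper($2) }
    key == "krb5_ccname" { cc = $2 }
    END {
      # Assumption: yes/true are treated like "on".
      if (sasl != "on" && sasl != "yes" && sasl != "true") exit 1
      if (mech != "GSSAPI") exit 1
      # Strip an explicit FILE: type; a name with no type prefix is
      # treated as a file cache as well.
      if (cc ~ /^[Ff][Ii][Ll][Ee]:/) cc = substr(cc, 6)
      # Anything else (another cache type, relative or empty name) is
      # unsupported: leave k5start off instead of erroring out.
      if (cc !~ /^\/[^: ]+$/) exit 1
      print cc
    }
  ' "$1"
}

# Constructed sample nslcd.conf; $1 is the krb5_ccname value to try.
sample_conf() {
  printf '%s\n' '# constructed sample' 'uri ldap://ldap.example.org/' \
    'use_sasl on' 'sasl_mech GSSAPI' "krb5_ccname $1"
}

tmp=$(mktemp)
for name in /tmp/nslcd.tkt FILE:/tmp/nslcd.tkt KEYRING:nslcd; do
  sample_conf "$name" > "$tmp"
  if ccfile=$(k5start_ccfile "$tmp"); then
    echo "$name: start k5start, cache file $ccfile"
  else
    echo "$name: leave k5start off"
  fi
done
rm -f "$tmp"
```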