Date: Tue, 08 Dec 2015 19:18:10 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-doc@FreeBSD.org Subject: [Bug 205146] [patch] Kerberos section of Handbook is inconsistent with system Message-ID: <bug-205146-9@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205146 Bug ID: 205146 Summary: [patch] Kerberos section of Handbook is inconsistent with system Product: Documentation Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Many People Priority: --- Component: Documentation Assignee: freebsd-doc@FreeBSD.org Reporter: kevin@bostoncrypto.com Keywords: patch Created attachment 163997 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=163997&action=edit Patch for Security Chapter of Handbook I have found that there are several inconsistencies between the Kerberos setup instructions of the handbook and the behavior of STABLE and CURRENT, due to renamed daemons, rc scripts, etc. Using the rc.conf variables suggested in the Handbook results in the following warnings: "/etc/rc.d/kadmind: WARNING: $kadmind5_server_enable is obsolete. Use $kadmind_enable instead. /etc/rc.d/kadmind: WARNING: $kerberos5_server_enable is obsolete. Use $kdc_enable instead." Furthermore, even attempting to start the service with "service kerberos enable", as suggested in the Handbook, simply fails with "kerberos does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d)" I believe Bug ID 204788 also complains of at least some of these problems, and I am attaching a patch which I believe fixes at least those issues I mention above. Furthermore, the man page for rc.conf would also appear to be out of date; no mention of the "kdc_enable" option is made, even though that would seem to be the correct way to enable the Heimdal server included in base. However, while the presence of "kerberos5_server_enable" would seem to be outdated, according to warnings as quoted above, the variable "kerberos5_server", which can assign an arbitrary path to a daemon of choice, might keep the presence of this option relevant. A similar argument could be made for "kadmind5_server_enable" and "kadmind5_server". So, while I think "kdc_enable" and "kadmind_enable" should certainly be added to the man page, I am not sure whether they should replace or merely augment the current options. I'll be happy to submit a patch if someone can offer me guidance in this regard. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-205146-9>