Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 06 Feb 2015 13:57:11 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 197337] rc.d/kdc missing with WITHOUT_KERBEROS, but Kerberos ports need it
Message-ID:  <bug-197337-8-Iv2tXhU02U@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-197337-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-197337-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197337

--- Comment #11 from mcdouga9@egr.msu.edu ---
"There is no elegant solution to having MIT KRB5 and Heimdal KRB5 (in base or
ports) to simply share the same startup scripts without a hack (detection of
whether --detach should be used or not)."  <- There was, and it was removed by
10.1.

To be fair, I don't use kadmind now but I suspect I had it running in the past
from rc scripts.

Up to and including 10.0-RELEASE /etc/defaults/rc.conf contained:
kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server

I could override it in /etc/rc.conf using:
# MIT Kerberos does not support --detach in default flags, override with empty
kerberos5_server_flags=""

Because /etc/rc.d/kerberos contained:
kerberos5_flags="${kerberos5_server_flags}"

This usage case was supported up until 10.1 where there was a regression
because support for reading flags from rc.conf was removed.  It did feel
slightly odd to use an empty string to avoid default arguments, but it only
required editing standard configuration files so I didn't consider it a hack.

I forgot about reporting the --detach issue because it was a lesser issue
compared to the script not existing, but someone else recently reported it:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197339

I don't have integration problems with the rest of MIT Kerberos such as
propagation, I setup a cron job and inetd for that.

I'm in favor of an improved solution and I'm delighted it is being discussed,
but just pointing out these two issues are regressions from 10.0-RELEASE in a
stable branch.  I hope it can be solved by ports changes or at least the
regressions corrected before the next FreeBSD release.  Thank you all for being
involved!

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-197337-8-Iv2tXhU02U>