From owner-freebsd-bugs@FreeBSD.ORG Fri Feb 6 13:57:11 2015 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AD7B02BE for ; Fri, 6 Feb 2015 13:57:11 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7AE3067C for ; Fri, 6 Feb 2015 13:57:11 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t16DvBm4016206 for ; Fri, 6 Feb 2015 13:57:11 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 197337] rc.d/kdc missing with WITHOUT_KERBEROS, but Kerberos ports need it Date: Fri, 06 Feb 2015 13:57:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 10.1-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: mcdouga9@egr.msu.edu X-Bugzilla-Status: In Progress X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2015 13:57:11 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197337 --- Comment #11 from mcdouga9@egr.msu.edu --- "There is no elegant solution to having MIT KRB5 and Heimdal KRB5 (in base or ports) to simply share the same startup scripts without a hack (detection of whether --detach should be used or not)." <- There was, and it was removed by 10.1. To be fair, I don't use kadmind now but I suspect I had it running in the past from rc scripts. Up to and including 10.0-RELEASE /etc/defaults/rc.conf contained: kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server I could override it in /etc/rc.conf using: # MIT Kerberos does not support --detach in default flags, override with empty kerberos5_server_flags="" Because /etc/rc.d/kerberos contained: kerberos5_flags="${kerberos5_server_flags}" This usage case was supported up until 10.1 where there was a regression because support for reading flags from rc.conf was removed. It did feel slightly odd to use an empty string to avoid default arguments, but it only required editing standard configuration files so I didn't consider it a hack. I forgot about reporting the --detach issue because it was a lesser issue compared to the script not existing, but someone else recently reported it: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197339 I don't have integration problems with the rest of MIT Kerberos such as propagation, I setup a cron job and inetd for that. I'm in favor of an improved solution and I'm delighted it is being discussed, but just pointing out these two issues are regressions from 10.0-RELEASE in a stable branch. I hope it can be solved by ports changes or at least the regressions corrected before the next FreeBSD release. Thank you all for being involved! -- You are receiving this mail because: You are the assignee for the bug.