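#!/bin/bash
#
# kbrbserver.init	Start and stop the Kerberos 5 servers.
#
# chkconfig: 2345 35 65
# description: Kerberos 5 is a trusted third-party authentication system. \
#              This script starts and stops the servers that Kerberos IV and 5 \
#              clients need to connect to.
# processname: krb5kdc
# processname: kadmind
# processname: krb524d
#
### BEGIN INIT INFO
# Provides: krb5server
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 3 4 5
# Short-Description: Kerberos 5 KDC and Admin servers
# Description: This script controls the KDC and Admin server, and optionally \
#              also the krb524 service.
### END INIT INFO
#
# Usage: krb5server {start|stop|status|restart|reload|condrestart}
#
# Exit status: 0 on success, non-zero when any managed daemon failed to
# start/stop or is not running (status).

# Get config.
. /etc/sysconfig/network

# Check that networking is up.  Quoted so that an unset or empty NETWORKING
# does not turn the test into a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Source function library (provides daemon, killproc, status, gprintf, ...).
. /etc/rc.d/init.d/functions

RETVAL=0
KRB5KDC="Kerberos 5 KDC"
KADMIND="Kerberos 5 Admin Server"
KRB524D="Kerberos 5-to-4 Server"

#######################################
# Tell whether a KDC database is available.
# An LDAP backend (db_library = kldap in /etc/krb5.conf) counts as present;
# otherwise the local principal file must exist.
# Returns: 0 if a database is configured/present, 1 otherwise.
#######################################
exist_database() {
	if grep -qE \
		"^[[:blank:]]*db_library[[:blank:]]*=[[:blank:]]*kldap$" \
		/etc/krb5.conf; then
		return 0
	fi
	[ -f /etc/kerberos/krb5kdc/principal ]
}

# Shell functions to cut down on useless shell instances.

#######################################
# Start krb5kdc and kadmind, plus krb524d when it is installed.
# Creates /var/lock/subsys/krb5server only when both krb5kdc and kadmind
# started successfully.
# Returns: 0 on success, 1 if the database is missing or a daemon failed.
#######################################
start() {
	local ret_kdc ret_kadmind
	local keytab=/etc/kerberos/krb5kdc/kadm5.keytab

	if ! exist_database; then
		gprintf "Warning, no kerberos database initialized, exiting.\n"
		return 1
	fi

	if [ ! -f "$keytab" ]; then
		echo "Extracting kadm5 Service Keys: "
		# NOTE(review): `fail` is kept from the original; Red Hat style
		# function libraries name this helper `failure` - confirm it exists.
		if /usr/sbin/kadmin.local -q \
			"ktadd -k $keytab kadmin/admin kadmin/changepw"; then
			# The keytab holds the long-term keys of the admin service
			# principals; keep it readable by its owner only.
			chmod 600 "$keytab"
			success
		else
			fail
		fi
		echo
	fi

	# The status of each daemon is captured immediately after it is started:
	# reading $? after the trailing `echo` would always yield 0 and the lock
	# file would be created even when a daemon failed to start.
	gprintf "Starting %s: " "$KRB5KDC"
	daemon /usr/sbin/krb5kdc
	ret_kdc=$?
	echo

	gprintf "Starting %s: " "$KADMIND"
	daemon /usr/sbin/kadmind
	ret_kadmind=$?
	echo

	# krb524d converts Kerberos 5 credentials for Kerberos IV clients.
	# Kerberos IV is a legacy protocol built on single DES; run this service
	# only if such clients are still required.
	if [ -x /usr/sbin/krb524d ]; then
		gprintf "Starting %s: " "$KRB524D"
		daemon /usr/sbin/krb524d -m
		echo
	fi

	if [ "$ret_kdc" -eq 0 ] && [ "$ret_kadmind" -eq 0 ]; then
		touch /var/lock/subsys/krb5server
		return 0
	fi
	return 1
}

#######################################
# Stop krb524d (when installed), kadmind and krb5kdc, in that order.
# Removes /var/lock/subsys/krb5server only when every daemon stopped.
# Returns: 0 on success, 1 if any killproc call failed.
#######################################
stop() {
	local ret_524=0 ret_kadmind ret_kdc

	if [ -x /usr/sbin/krb524d ]; then
		gprintf "Stopping %s: " "$KRB524D"
		killproc krb524d
		ret_524=$?
		echo
	fi

	gprintf "Stopping %s: " "$KADMIND"
	killproc kadmind
	ret_kadmind=$?
	echo

	gprintf "Stopping %s: " "$KRB5KDC"
	killproc krb5kdc
	ret_kdc=$?
	echo

	if [ "$ret_524" -eq 0 ] && [ "$ret_kadmind" -eq 0 ] \
		&& [ "$ret_kdc" -eq 0 ]; then
		rm -f /var/lock/subsys/krb5server
		return 0
	fi
	return 1
}

# See how we were called.
case "$1" in
	start)
		start
		RETVAL=$?
		;;
	stop)
		stop
		RETVAL=$?
		;;
	restart|reload)
		stop
		start
		RETVAL=$?
		;;
	status)
		status krb5kdc
		RET1=$?
		status kadmind
		RET2=$?
		# krb524d is optional: start() and stop() skip it when it is not
		# installed, so its absence must not make status report a failure.
		RET3=0
		if [ -x /usr/sbin/krb524d ]; then
			status krb524d
			RET3=$?
		fi
		RETVAL=$(( RET1 | RET2 | RET3 ))
		;;
	condrestart)
		if [ -f /var/lock/subsys/krb5server ]; then
			stop
			start
			RETVAL=$?
		fi
		;;
	*)
		echo "Usage: krb5server {start|stop|status|restart|reload|condrestart}"
		exit 1
		;;
esac

# The original exited with the never-assigned $RETLEVEL, which discarded the
# status collected above; monitoring and service managers rely on this code.
exit "$RETVAL"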