mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE
-chown -R domtool.domtool $KEYDIR
+chown -R domtool.nogroup $KEYDIR
fs sa $KEYDIR $USER read || echo This must be a server principal.
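Review bot: The new `chown -R domtool.nogroup $KEYDIR` hands the key directory's group to `nogroup`, which is typically shared by unrelated unprivileged accounts, while nothing visible sets the mode of `$KEYFILE` after `openssl genrsa` writes it. If group bits are honoured for this path (the `fs sa` call suggests AFS ACLs may govern access instead, which these lines alone do not confirm), the private key's protection rests on the caller's umask. Consider `umask 077` before `openssl genrsa` or an explicit `chmod 600 "$KEYFILE"`, and write the chown with the `owner:group` separator and quoting: `chown -R domtool:nogroup "$KEYDIR"`. The same dotted, unquoted form appears in the `$CERTFILE` chown in the signing script below. The script continues outside the lines shown.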
echo "." >$KEYIN
echo "." >>$KEYIN
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
-chown domtool.domtool $CERTFILE
+chown domtool.nogroup $CERTFILE
#!/usr/bin/pagsh.openafs
-kinit -k -t /etc/keytabs/domtool domtool
-aklog
-domtool-admin $* >/dev/null 2>/dev/null
+k5start -qtUf /etc/keytabs/domtool domtool-admin $* >/dev/null 2>/dev/null
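Review bot: The unquoted `$*` on the new `k5start` line re-splits and glob-expands the caller's arguments before they reach `domtool-admin`, so an argument containing spaces or wildcard characters arrives altered. The init scripts call a `domtool-admin-sudo` through `sudo -u domtool`, and if this is that wrapper the argument handling deserves the extra care. Use `k5start -qtUf /etc/keytabs/domtool domtool-admin "$@" >/dev/null 2>&1`. Because both streams go to `/dev/null` and `-q` is set, a failed keytab authentication is visible only through the exit status, so callers should check it.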
#!/usr/bin/pagsh.openafs
+# -*- sh-mode -*-
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool dispatchers.
+# This script is NOT lsb compliant by a long shot... need to fix that
+
+### BEGIN INIT INFO
+# Provides: domtool-server
+# Required-Start: $remote_fs $network $time openafs-client nscd
+# Required-Stop: $remote_fs $network openafs-client nscd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Domtool Dispatcher
+# Description: Launches the domtool server
+### END INIT INFO
+
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-server.pid"
-set -e
+. /lib/lsb/init-functions
case $1 in
start)
- echo -n "Starting Domtool dispatcher: domtool-server"
+ log_daemon_msg "Starting Domtool dispatcher" "domtool-server"
if sudo -u domtool domtool-admin-sudo ping; then
echo "...already running."
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
- mkdir -m 0755 $PIDDIR
- chown domtool:domtool $PIDDIR
+ mkdir -m 0750 $PIDDIR
+ chown domtool:nogroup $PIDDIR
fi
start-stop-daemon --start --pidfile $PIDFILE \
- -c domtool:domtool \
+ -c domtool:nogroup \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
- domtool-server-logged
+ /usr/local/bin/domtool-server-logged
echo "."
fi
;;
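Review bot: With `set -e` dropped, a failed `mkdir -m 0750 $PIDDIR` or `chown domtool:nogroup $PIDDIR` no longer stops the `start)` branch, so `start-stop-daemon` can run against a pid directory that is missing or still owned by the invoking user. Check both explicitly, e.g. `mkdir -m 0750 "$PIDDIR" || exit 1` and `chown domtool:nogroup "$PIDDIR" || exit 1`. The 0750 mode also gives read and search access to every process with gid `nogroup`, so `0700` would be the tighter choice unless something in that group needs the pidfile. `log_daemon_msg` is opened here but the branch still ends with `echo`; `log_end_msg $?` would close it in the LSB style. The same applies to the slave init script's `start)` branch further down; the `case` statement continues outside the lines shown.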
-domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
+/usr/local/sbin/domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
#!/usr/bin/pagsh.openafs
+# -*- sh -*-
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool slaves.
+# This script is NOT lsb compliant by a long shot... need to fix that
+# We need nscd running to lookup afs users for whatever reason
+
+### BEGIN INIT INFO
+# Provides: domtool-slave
+# Required-Start: $remote_fs $network $time openafs-client nscd
+# Required-Stop: $remote_fs $network openafs-client nscd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Domtool Slave
+# Description: Launches the domtool slave
+### END INIT INFO
+
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-slave.pid"
-set -e
+. /lib/lsb/init-functions
case $1 in
start)
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
- mkdir -m 0755 $PIDDIR
- chown domtool:domtool $PIDDIR
+ mkdir -m 0750 $PIDDIR
+ chown domtool:nogroup $PIDDIR
fi
start-stop-daemon --start --pidfile $PIDFILE \
- -c domtool:domtool \
+ -c domtool:nogroup \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
- domtool-slave-logged
+ /usr/local/bin/domtool-slave-logged
echo "."
fi
;;
-domtool-slave >>/var/log/domtool.log 2>>/var/log/domtool.log
+/usr/local/sbin/domtool-slave >>/var/log/domtool.log 2>>/var/log/domtool.log