* There is no longer any local `domtool' group; use `nogroup' instead and
chmod files so that only the owning user can read them
* The init scripts assumed `/usr/local/[s]bin' were in `$PATH', which
is not true on a default Debian install. Rather than require
customization of system defaults, just use long paths. It would be
nice if the Makefile supported relocatable installs, but I also want
a pony for xmas.
* `domtool-admin-sudo' never worked properly. It seems to rely on the
mistaken assumption that starting a `pagsh' gives you a new
PAG... when `pagsh' has the unintuitive behavior of adopting the
current PAG instead of creating a new one if one should
exist. Things appeared to work since there was always a local
domtool user, and some interaction between the init scripts
acquiring tokens outside of a PAG and sudo led to use of the uid
ticket cache. The solution is just to use `k5start' instead of
`kinit && aklog'
mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE
mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE
-chown -R domtool.domtool $KEYDIR
+chown -R domtool.nogroup $KEYDIR
fs sa $KEYDIR $USER read || echo This must be a server principal.
echo "." >$KEYIN
echo "." >>$KEYIN
fs sa $KEYDIR $USER read || echo This must be a server principal.
echo "." >$KEYIN
echo "." >>$KEYIN
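Review bot: The private key written by `openssl genrsa -out $KEYFILE` has its group changed to `nogroup` here, but nothing visible in this hunk restricts its mode, although the commit message says files are made readable by the user only. If that chmod is not elsewhere in the script (which continues outside the hunk), set `umask 077` before the `genrsa` call or add `chmod -R go-rwx "$KEYDIR"` after the chown, since `nogroup` is typically shared with unrelated unprivileged accounts. The `fs sa` line suggests `$KEYDIR` lives in AFS, where the directory ACL governs access, so this matters mostly for the file's own mode bits and for any local copy. The `user.group` separator is the legacy form; `chown -R domtool:nogroup "$KEYDIR"` would match the colon form used in the init scripts, and the same applies to the `$CERTFILE` chown in the signing script.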
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
-chown domtool.domtool $CERTFILE
+chown domtool.nogroup $CERTFILE
-kinit -k -t /etc/keytabs/domtool domtool
-aklog
-domtool-admin $* >/dev/null 2>/dev/null
+k5start -qtUf /etc/keytabs/domtool domtool-admin $* >/dev/null 2>/dev/null
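Review bot: The new line forwards the caller's arguments as unquoted `$*`, so arguments containing whitespace or glob characters are re-split before they reach `domtool-admin`, and an argument beginning with `-` may be consumed by k5start's own option parsing instead of being passed through. Because this wrapper is reached through sudo (the init script runs `sudo -u domtool domtool-admin-sudo ping`), the forwarding should be exact: `k5start -qtUf /etc/keytabs/domtool -- domtool-admin "$@" >/dev/null 2>&1`. `domtool-admin` is also still resolved through `$PATH`, while the commit message says the scripts now use long paths; an absolute path would be consistent here. With stderr discarded, a failed keytab authentication is visible only through the exit status.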
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool dispatchers.
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool dispatchers.
+# This script is NOT lsb compliant by a long shot... need to fix that
+
+### BEGIN INIT INFO
+# Provides: domtool-server
+# Required-Start: $remote_fs $network $time openafs-client nscd
+# Required-Stop: $remote_fs $network openafs-client nscd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Domtool Dispatcher
+# Description: Launches the domtool server
+### END INIT INFO
+
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-server.pid"
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-server.pid"
+. /lib/lsb/init-functions
- echo -n "Starting Domtool dispatcher: domtool-server"
+ log_daemon_msg "Starting Domtool dispatcher" "domtool-server"
if sudo -u domtool domtool-admin-sudo ping; then
echo "...already running."
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
if sudo -u domtool domtool-admin-sudo ping; then
echo "...already running."
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
- mkdir -m 0755 $PIDDIR
- chown domtool:domtool $PIDDIR
+ mkdir -m 0750 $PIDDIR
+ chown domtool:nogroup $PIDDIR
fi
start-stop-daemon --start --pidfile $PIDFILE \
fi
start-stop-daemon --start --pidfile $PIDFILE \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
+ /usr/local/bin/domtool-server-logged
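Review bot: In the PID-directory hunk, `mkdir -m 0750 $PIDDIR` followed by `chown domtool:nogroup $PIDDIR` leaves group read/search permission for `nogroup`, which is typically shared by unrelated unprivileged accounts, so the tightening from 0755 is only partial. If only the domtool user needs the directory, `mkdir -m 0700 "$PIDDIR"` and `chown domtool:nogroup "$PIDDIR"` (quoted, as the `test ! -d "$PIDDIR"` line already is) would match the commit message's owner-only intent. The same two lines appear in the domtool-slave init script. Separately, the start branch still prints `echo "...already running."` after the switch to `log_daemon_msg`; `log_end_msg 0` would keep the output consistent, though the rest of the start branch lies outside the visible lines.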
-domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
+/usr/local/sbin/domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool slaves.
# This script should go in /etc/init.d/ on Debian Linux systems
# running Domtool slaves.
+# This script is NOT lsb compliant by a long shot... need to fix that
+# We need nscd running to lookup afs users for whatever reason
+
+### BEGIN INIT INFO
+# Provides: domtool-slave
+# Required-Start: $remote_fs $network $time openafs-client nscd
+# Required-Stop: $remote_fs $network openafs-client nscd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Domtool Slave
+# Description: Launches the domtool slave
+### END INIT INFO
+
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-slave.pid"
SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
PIDFILE="/var/run/domtool/k5start-slave.pid"
+. /lib/lsb/init-functions
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
else
PIDDIR=$(dirname "$PIDFILE")
if test ! -d "$PIDDIR"; then
- mkdir -m 0755 $PIDDIR
- chown domtool:domtool $PIDDIR
+ mkdir -m 0750 $PIDDIR
+ chown domtool:nogroup $PIDDIR
fi
start-stop-daemon --start --pidfile $PIDFILE \
fi
start-stop-daemon --start --pidfile $PIDFILE \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
--exec /usr/bin/k5start -- -U -b \
-f /etc/keytabs/domtool \
-K 300 -t -p $PIDFILE \
+ /usr/local/bin/domtool-slave-logged
-domtool-slave >>/var/log/domtool.log 2>>/var/log/domtool.log
+/usr/local/sbin/domtool-slave >>/var/log/domtool.log 2>>/var/log/domtool.log