[Mageia-dev] krb5 paths issue

David W. Hodgins davidwhodgins at gmail.com
Thu Jul 5 10:40:45 CEST 2012


On Wed, 04 Jul 2012 18:27:38 -0400, David Walser <luigiwalser at yahoo.com> wrote:

> An issue has been raised while QA testing an update for krb5 for Mageia 1 and Mageia 2 about apparently incorrect paths in init scripts:
> https://bugs.mageia.org/show_bug.cgi?id=6469
>
> Would the correct thing to do be to change /var/kerberos/krb5kdc to /etc/kerberos/krb5kdc as proposed in this patch to kadmin.init?:
> https://bugs.mageia.org/attachment.cgi?id=2476&action=diff
>
> I also noticed a line in kprop.init that says:
>     [ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
>
> Should that be changed as well?

Yes.

Ideally, only the config files should be in /etc, and the database
should be in /var.  In order to get the security update out quickly,
the scripts should be changed to /etc, to match the current config
files.

I think a new bug report should be opened, requesting changing
the various scripts to use something like
eval $(sed 's/ //g' /etc/kerberos/krb5kdc/kdc.conf|grep ^database_name)
to get the location of the database (with similar code for the other
files) and have new installs put the database in /var.

> Also, in krb5 in Cauldron, I similarly noticed the following...
> kadmin.service:
> ConditionPathExists=!/var/kerberos/krb5kdc/kpropd.acl
>
> kprop.service:
> ConditionPathExists=/var/kerberos/krb5kdc/kpropd.acl
>
> Should those be changed as well?

Yes.

Regards, Dave Hodgins
 


More information about the Mageia-dev mailing list