git: 4103f8dd57b2 - main - rc.d: Add MIT KRB5 krb5kdc support

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Cy Schubert <cy_at_FreeBSD.org>
Date: Mon, 16 Jun 2025 02:51:56 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=4103f8dd57b2a4985ff547c879cc05684932a874

commit 4103f8dd57b2a4985ff547c879cc05684932a874
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-06-11 02:48:06 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-06-16 02:49:37 +0000

    rc.d: Add MIT KRB5 krb5kdc support
    
    MIT KRB5 krb5kdc differs from the Heimdal kdc.
    
    - The MIT kdc is named krb5kdc while the Heimdal one is named kdc.
    - krb5kdc -d flag has a different meaning. krb5kdc -d specifies a
      database name. While the Heimdal kdc uses the -d flag to daemonize
      it. krb5kdc automaticially daemonizes itself unless the -n flag is
      specified.
    
    We do this by looking at the name of the kdc program to determine if
    we assume it's a Heimdal kdc or the MIT krb5kdc.
    
    Sponsored by:           The FreeBSD Foundation
    Differential revision:  https://reviews.freebsd.org/D50813
---
 libexec/rc/rc.conf  |  2 +-
 libexec/rc/rc.d/kdc | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index f88bd3919f8b..00f4b718bfad 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -326,7 +326,7 @@ resolv_enable="YES"		# Enable resolv / resolvconf
 # kerberos. Do not run the admin daemons on slave servers
 #
 kdc_enable="NO"			# Run a kerberos 5 KDC (or NO).
-kdc_program="/usr/libexec/kdc"	# path to kerberos 5 KDC
+kdc_program=""			# path to kerberos 5 KDC
 kdc_flags=""			# Additional flags to the kerberos 5 KDC
 kdc_restart="NO"		# Auto restart kdc on abnormal termination
 kdc_restart_delay=""		# Auto restart delay seconds
diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc
index 621129b20164..204b08f1e99c 100755
--- a/libexec/rc/rc.d/kdc
+++ b/libexec/rc/rc.d/kdc
@@ -20,7 +20,22 @@ set_rcvar_obsolete kerberos5_server_enable kdc_enable
 set_rcvar_obsolete kerberos5_server kdc_program
 set_rcvar_obsolete kerberos5_server_flags kdc_flags
 
+default_kdc_programs='/usr/libexec/kdc /usr/libexec/kdc /usr/libexec/krb5kdc /usr/local/sbin/krb5kdc'
+
 load_rc_config $name
+
+# XXX Remove the following block of code when Heimdal is removed
+if [ -z "${kdc_program}" ]; then
+	for i in ${default_kdc_programs}; do
+		if [ -x "${i}" ]; then
+			kdc_program=${i}
+			break
+		fi
+	done
+fi
+
+command="${kdc_program}"
+
 if [ "${kdc_program}" = /usr/libexec/kdc -o \
      "${kdc_program}" = /usr/local/libexec/kdc ]; then
 	detach="--detach"