[Bug 197337] rc.d/kdc missing with WITHOUT_KERBEROS, but Kerberos ports need it

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Feb 6 13:57:11 UTC 2015


--- Comment #11 from mcdouga9 at egr.msu.edu ---
"There is no elegant solution to having MIT KRB5 and Heimdal KRB5 (in base or
ports) to simply share the same startup scripts without a hack (detection of
whether --detach should be used or not)."  <- There was, and it was removed by

To be fair, I don't use kadmind now but I suspect I had it running in the past
from rc scripts.

Up to and including 10.0-RELEASE /etc/defaults/rc.conf contained:
kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server

I could override it in /etc/rc.conf using:
# MIT Kerberos does not support --detach in default flags, override with empty

Because /etc/rc.d/kerberos contained:

This usage case was supported up until 10.1 where there was a regression
because support for reading flags from rc.conf was removed.  It did feel
slightly odd to use an empty string to avoid default arguments, but it only
required editing standard configuration files so I didn't consider it a hack.

I forgot about reporting the --detach issue because it was a lesser issue
compared to the script not existing, but someone else recently reported it:

I don't have integration problems with the rest of MIT Kerberos such as
propagation, I setup a cron job and inetd for that.

I'm in favor of an improved solution and I'm delighted it is being discussed,
but just pointing out these two issues are regressions from 10.0-RELEASE in a
stable branch.  I hope it can be solved by ports changes or at least the
regressions corrected before the next FreeBSD release.  Thank you all for being

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list