[debian-edu-commits] debian-edu/ 01/02: Rather use a Debian Edu related directory to store host keytabs.

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Tue May 29 12:46:58 BST 2018 

This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 432d1f29b34757e149a2d823ccf7667b252fdd14
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Tue May 29 13:38:48 2018 +0200

    Rather use a Debian Edu related directory to store host keytabs.
    
    Adjust these files to use /etc/debian-edu/host-keytabs:
    
    debian/dirs
    share/debian-edu-config/tools/edu-ldap-from-scratch
    share/debian-edu-config/tools/gosa-create-host
    share/debian-edu-config/tools/gosa-modify-host
    share/debian-edu-config/tools/gosa-remove-host
---
 debian/dirs                                         | 1 +
 share/debian-edu-config/tools/edu-ldap-from-scratch | 1 +
 share/debian-edu-config/tools/gosa-create-host      | 4 ++--
 share/debian-edu-config/tools/gosa-modify-host      | 2 ++
 share/debian-edu-config/tools/gosa-remove-host      | 7 +------
 5 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/debian/dirs b/debian/dirs
index 7527c48..61e5c27 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -6,6 +6,7 @@ etc/courier
 etc/cron.d
 etc/cups
 etc/debian-edu
+etc/debian-edu/host-keytabs
 etc/default
 etc/firefox-esr
 etc/init.d
diff --git a/share/debian-edu-config/tools/edu-ldap-from-scratch b/share/debian-edu-config/tools/edu-ldap-from-scratch
index e0472b9..26cf99c 100755
--- a/share/debian-edu-config/tools/edu-ldap-from-scratch
+++ b/share/debian-edu-config/tools/edu-ldap-from-scratch
@@ -56,6 +56,7 @@ sleep 1
 if [ -e /etc/krb5kdc/stash ] ; then
     rm /etc/krb5kdc/stash
     rm /etc/krb5.keyt*
+    rm /etc/debian-edu/host-keytabs/krb5.keyt*
 fi
 ldap-debian-edu-install
 # send mail to first user (initialize /var/mail/<first-user uid>);
diff --git a/share/debian-edu-config/tools/gosa-create-host b/share/debian-edu-config/tools/gosa-create-host
index 710eaec..f8c6304 100755
--- a/share/debian-edu-config/tools/gosa-create-host
+++ b/share/debian-edu-config/tools/gosa-create-host
@@ -49,8 +49,8 @@ while read KEY VALUE ; do
 			    logger -t gosa-create-host -p notice Krb5 principal \'host/$FQDN\' created.
 			    kadmin.local -q "add_principal -policy hosts -randkey nfs/$FQDN"
 			    logger -t gosa-create-host -p notice Krb5 principal \'nfs/$FQDN\' created.
-			    kadmin.local -q "ktadd -k /root/keytabs/$FQDN.keytab host/$FQDN"
-			    kadmin.local -q "ktadd -k /root/keytabs/$FQDN.keytab nfs/$FQDN"
+			    kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab host/$FQDN"
+			    kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab nfs/$FQDN"
 			    logger -t gosa-create-host -p notice Krb5 keytab file for \'$FQDN\' created.
 			fi
 			;;
diff --git a/share/debian-edu-config/tools/gosa-modify-host b/share/debian-edu-config/tools/gosa-modify-host
index a4a4336..6e5fd3b 100755
--- a/share/debian-edu-config/tools/gosa-modify-host
+++ b/share/debian-edu-config/tools/gosa-modify-host
@@ -8,6 +8,8 @@ set -ex
 HOST="$1"
 
 /usr/share/debian-edu-config/tools/gosa-create-host $HOST
+kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
+kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
 # update services:
 /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
 
diff --git a/share/debian-edu-config/tools/gosa-remove-host b/share/debian-edu-config/tools/gosa-remove-host
index 9d012d7..49ec560 100755
--- a/share/debian-edu-config/tools/gosa-remove-host
+++ b/share/debian-edu-config/tools/gosa-remove-host
@@ -12,15 +12,10 @@ set -ex
 HOST="$1"
 
 ## delete host's nfs principal and keytab file;
-## the host principal is already removed, no need doing it here again:
-#kadmin.local delprinc nfs/$HOST.intern
-#logger -t gosa-remove-host -p notice Krb5 principal \'nfs/$HOST.intern\' removed.
-#rm /etc/$HOST.intern.keytab
-#logger -t gosa-remove-host -p notice Krb5 keytab file for \'$HOST.intern\' removed.
 for i in $(kadmin.local listprincs | grep $HOST) ; do
     kadmin.local delprinc $i
     done
-rm /root/keytabs/$(ls -l /root/keytabs | grep $HOST | awk '{print $9}')
+rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
 #
 
 # update services:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git

More information about the debian-edu-commits mailing list