From mdg@secureworks.net  Thu Oct  2 07:42:28 2003
Message-Id: <20031002103807.T86165@localhost>
Date: Thu, 2 Oct 2003 10:42:01 -0400 (EDT)
From: Matthew George <mdg@secureworks.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] no k5passwdd in rc.network, defaults/rc.conf

>Number:         57497
>Category:       conf
>Synopsis:       [PATCH] no k5passwdd in rc.network, defaults/rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 02 07:50:16 PDT 2003
>Closed-Date:    Thu Oct 02 08:27:40 PDT 2003
>Last-Modified:  Thu Oct  2 08:30:19 PDT 2003
>Originator:     Matthew George <mdg@secureworks.net>
>Release:        FreeBSD 4.8-RELEASE-p1 i386
>Organization:
SecureWorks
>Environment:
System: FreeBSD fbsd.secureworks.net 4.8-RELEASE-p1 FreeBSD 4.8-RELEASE-p1 #4: Thu Sep 25 12:29:50 EDT 2003 mdg@fbsd.secureworks.net:/usr/src/sys/compile/SW-GENERIC-SMP i386



>Description:

There is support for loading k5admind out of rc, but not k5passwdd.

>How-To-Repeat:

>Fix:

--- etc/rc.network.orig	Thu Oct  2 10:26:52 2003
+++ etc/rc.network	Thu Oct  2 10:28:54 2003
@@ -798,6 +798,14 @@
 			;;
 		esac
 		;;
+
+		case ${kpasswdd5_server_enable} in
+		[Yy][Ee][Ss])
+			echo -n ' kpasswdd5'
+			${kpasswdd5_server} &
+			;;
+		esac
+		;;
 	esac

 	case ${pppoed_enable} in
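
Review bot: The added block is placed after the `;;` that closes the preceding branch and before the outer `esac`, so `case ${kpasswdd5_server_enable} in` lands where sh expects a case pattern, and the extra `;;` added after the new `esac` has no branch to terminate. As written, rc.network would not parse at this point. Move the block up so it sits inside the branch, directly after the inner `esac` and before the existing `;;`, and drop the added `;;`.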


--- etc/defaults/rc.conf.orig	Thu Oct  2 10:31:13 2003
+++ etc/defaults/rc.conf	Thu Oct  2 10:30:59 2003
@@ -134,6 +134,8 @@
 kerberos5_server="/usr/libexec/kdc"	# path to kerberos 5 KDC
 kadmind5_server_enable="NO"	# Run kadmind (or NO)
 kadmind5_server="/usr/libexec/k5admind"	# path to kerberos 5 admin daemon
+kpasswdd5_server_enable="NO"	# Run kpasswdd (or NO)
+kpasswdd5_server="/usr/libexec/k5passwdd" # path to kerberos 5 passwd daemon
 kerberos_stash="NO"		# Is the kerberos master key stashed?

 rwhod_enable="NO"		# Run the rwho daemon (or NO).
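
Review bot: On the `kpasswdd5_server=` line the comment is separated from the value by a single space, while the neighbouring entries use a tab, so the comment will not line up with the rest of the file; use a tab there. The default of "NO" matches the adjacent `kadmind5_server_enable` entry, which keeps the daemon off unless it is explicitly enabled.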


-- 
Matthew George
SecureWorks Technical Operations

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Thu Oct 2 08:23:59 PDT 2003 
State-Changed-Why:  

This is actually done in 4.8-STABLE (soon to be 4.9-RELEASE), but 
the change was made after 4.8-RELEASE was out.  If your point is 
that this is not present in the 4.8 security branch, you'll have 
to talk to the Security Officer team <security-officer@FreeBSD.org>, 
but IMHO, since this is not a vulnerability fix per se, but rather 
just added functionality, it would not be very likely that they will 
approve merging it into the 4.8 security branch, especially as 
it *will* be present in the soon-to-come 4.9 release. 

Still, thanks for your contribution! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57497 

From: Matthew George <mdg@secureworks.net>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: conf/57497: [PATCH] no k5passwdd in rc.network, defaults/rc.conf
Date: Thu, 2 Oct 2003 11:20:03 -0400 (EDT)

 oops ... cut and paste error
 here's the correct patch for rc.network:
 
 --- etc/rc.network.orig	Thu Oct  2 10:26:52 2003
 +++ etc/rc.network	Thu Oct  2 11:12:02 2003
 @@ -797,6 +797,13 @@
  			${kadmind5_server} &
  			;;
  		esac
 +
 +		case ${kpasswdd5_server_enable} in
 +		[Yy][Ee][Ss])
 +			echo -n ' kpasswdd5'
 +			${kpasswdd5_server} &
 +			;;
 +		esac
  		;;
  	esac
 
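
Review bot: The new `case ${kpasswdd5_server_enable} in` is nested inside the enclosing branch that the following `;;` closes, so setting `kpasswdd5_server_enable="YES"` has no effect unless that outer condition also matches. The hunk does not show what the outer condition is, and the rc.conf comment "Run kpasswdd (or NO)" does not mention the dependency. Either note the dependency in the rc.conf comment or, if the daemon is meant to be startable on its own, move the block outside the enclosing case.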
 
 -- 
 Matthew George
 SecureWorks Technical Operations
 
>Unformatted:
