Date: Wed, 5 Apr 2023 06:46:19 -0700 (PDT)
From: "Dan Mahoney (Gushi)"
To: questions@freebsd.org
cc: cy@freebsd.org
Subject: Fixing the "kdc" startup file.
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hey there all,

I'm hitting the issue where we use MIT krb5kdc at work, but the port doesn't provide its own startup file.

Previously, I'd been told (I think by the maintainer) to just set kdc_program and the like in rc.conf, but that really doesn't solve things: the one in base is sorely lacking (find_proc doesn't work with it, it doesn't restart cleanly, it doesn't give you a way to have krb5kdc specify a pid file).

Setting things like:

    kdc_pidfile=/var/run/krb5kdc.pid
    kdc_args="-P /var/run/krb5kdc.pid"

in rc.conf does nothing because the existing rc.d script doesn't provide a way to override them.

For starters: Heimdal has no pidfile support, but it could get one if launched under daemon(1) -- heimdal doesn't even detach by default -- the rc.d file sets --detach. MIT only creates one if you specify -P, and there's no corresponding kdc.conf knob.

While we're at it,

====
There's this very old bug that references this, last touched in 2020, closed unsuccessful. I want to fix it.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197337
====

I've written a number of startup files for our own services at work (we use puppet, so it relies on the built-in BSD framework to start, stop, and refresh services cleanly).

If I supplied startup files for mitkdc, mitkadmin, mitkpropd, would they be useful?

I'll note, this is not an "urgent" thing. I'm planning to be at BSDCan. If others want to meet me there and hack on this, I'm a chunky guy with blue hair and am hard to miss.

-Dan

-- 

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------
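
The kind of rc.d script the message above asks for, as an added example that is not part of the original post and is not code from the author, the port, or the FreeBSD base system. The service name mitkdc comes from the message; the mitkdc_* knob names, the /usr/local/sbin/krb5kdc path and the guard around /etc/rc.subr are assumptions made for illustration. It shows rc.conf overrides for the pid file being honored and passed to krb5kdc with -P so rc.subr can track the process.

```shell
#!/bin/sh
#
# PROVIDE: mitkdc
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Hypothetical rc.conf knobs (names are assumptions, not an existing script):
#   mitkdc_enable="YES"
#   mitkdc_program="/usr/local/sbin/krb5kdc"
#   mitkdc_pidfile="/var/run/krb5kdc.pid"
#   mitkdc_flags=""        # extra arguments; rc.subr adds these itself

name="mitkdc"
rcvar="mitkdc_enable"

# Apply defaults only where rc.conf left a knob unset, then map the knobs
# onto the variables rc.subr reads (command, pidfile, command_args).
mitkdc_defaults()
{
    : "${mitkdc_enable:=NO}"
    : "${mitkdc_program:=/usr/local/sbin/krb5kdc}"   # assumed install path
    : "${mitkdc_pidfile:=/var/run/krb5kdc.pid}"

    command="${mitkdc_program}"
    pidfile="${mitkdc_pidfile}"
    # MIT krb5kdc writes a pid file only when given -P, so always pass the
    # same path that rc.subr will check for status, stop and restart.
    command_args="-P ${pidfile}"
}

# Guard (an assumption for this example) so the file can be read and
# exercised on a machine without the FreeBSD rc framework.
if [ -r /etc/rc.subr ]; then
    . /etc/rc.subr
    load_rc_config "$name"
    mitkdc_defaults
    run_rc_command "$1"
fi
```

Because the pid file path is set in one place and used for both -P and rc.subr's pidfile, an rc.conf override cannot leave the two out of step.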