Re: Automated Kerberos installation ready
Maximilian Wilhelm wrote:
I've used the last night to finish automated Kerberos installatin in
I've build a package that does the following
1. install: krb5-admin-server, krb5-kdc, krb5-user, krb5-config,
ssh-krb5, libpam-krb5 (done by Pre-Depends)
2. Overwrite the config from krb5-admin-server and krb5-kdc.
(How can I omit the interactive questions from debconf?)
3. Create the Kerberos database with help of an expect-script and set up
all things needed to use Kerberos including a small selfwritten tool
for user/principal adminstration. (bash-script)
4. Put Kerberos enable ssh-configs to /etc/ssh
5. Create a keytab for tjener and put it into the right place.
I have further made a patch for WLUS to create and delete Kerberos
Principals (I'm not sure, how exactly password changing is done, so
I did not do anything there, but it's rather easy to include my
bash-script into WLUS.
Some words to the package contents:
I've put some scripts together to allow simple administration of Kerberos.
In /usr/share/debian-edu-krb5 you'll find 3 directories
1. setup Here is all stuff, needed at install time.
2. bin Here are the "binaries" used to maintain Kerberos
3. tmp Should be clear :)
and on file "ldap-users.pl.diff" which brings Kerberos support to WLUS.
1. addHost Tool, used to create and distribute clients keytabs
2. delHost Tool, used to delete clients out of the Kerberos DB
3. krb5user Tool for "administrating" user principals
So if you have install debian-edu-krb5, you can you Kerberos
Want check that out?
deb http://debian.rfc3514.org/debian/debian-edu-krb5/ ./
apt-get install debian-edu-krb5
At both debconf questions simply hit enter, everything will be fine,
whatever you enter :)
But be aware: This is the first candidate and for testing purposes only
at the moment :-)
Sorry - your package is too specific for me for anything but
inspiration: Skolelinux default are hardcoded all over (instead of the
relatively few Skolelinux-specific values isolated in a master conffile
and applied using m4 or similar).
I do have some more general suggestions/comments on your coding style,
however. Use whatever you can - please don't get offended if my
assumptions are wrong in some of it (they quite likely are):
* Use "cp -p" instead of just "cp" when backing up old files
* Write both copyright and licensing info (a cow is _not_ enough ;-) )
* Use "set -e" in shell scripts to fail on errors
* Avoid piping to /dev/null - it might be crucial warnings you hide
- instead (for bin/krbuser) implement --silent option
* Avoid hardcoding -x when debugging - instead use "sh -x script.sh"
* In perl use 'system "echo" $arg' instead of 'system "echo $arg"'
* Why hide common functions? Just don't make it executable
* Use mktemp instead of a hardcoded static secret tempdir
* Use /bin/sh instead of /bin/bash if at all possible
* postinst must be idempotent: Try configure twice...
* Remove irrelevant parts of debian/rules
* Seems you have old code in debian-edu-krb5-0.1 subfolder
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm