[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Automated Kerberos installation ready



Maximilian Wilhelm wrote:
Hi Volks!

I've used the last night to finish automated Kerberos installatin in
Skolelinux :-)

I've build a package that does the following

1. install: krb5-admin-server, krb5-kdc, krb5-user, krb5-config,
            ssh-krb5, libpam-krb5 (done by Pre-Depends)

2. Overwrite the config from krb5-admin-server and krb5-kdc.
   (How can I omit the interactive questions from debconf?)

3. Create the Kerberos database with help of an expect-script and set up
   all things needed to use Kerberos including a small selfwritten tool
   for user/principal adminstration. (bash-script)

4. Put Kerberos enable ssh-configs to /etc/ssh

5. Create a keytab for tjener and put it into the right place.


I have further made a patch for WLUS to create and delete Kerberos
Principals (I'm not sure, how exactly password changing is done, so
I did not do anything there, but it's rather easy to include my
bash-script into WLUS.


Some words to the package contents:
 I've put some scripts together to allow simple administration of Kerberos.
 In /usr/share/debian-edu-krb5 you'll find 3 directories
1. setup Here is all stuff, needed at install time.
 2. bin		Here are the "binaries" used to maintain Kerberos
 3. tmp		Should be clear :)

 and on file "ldap-users.pl.diff" which brings Kerberos support to WLUS.

 The "binaries":
 1. addHost	Tool, used to create and distribute clients keytabs
 2. delHost	Tool, used to delete clients out of the Kerberos DB
 3. krb5user	Tool for "administrating" user principals


So if you have install debian-edu-krb5, you can you Kerberos
nearly-out-of-the-box.

Want check that out?
Do so:
deb http://debian.rfc3514.org/debian/debian-edu-krb5/ ./

apt-get install debian-edu-krb5
At both debconf questions simply hit enter, everything will be fine,
whatever you enter :)

But be aware: This is the first candidate and for testing purposes only
at the moment :-)

Sorry - your package is too specific for me for anything but inspiration: Skolelinux default are hardcoded all over (instead of the relatively few Skolelinux-specific values isolated in a master conffile and applied using m4 or similar).

I do have some more general suggestions/comments on your coding style, however. Use whatever you can - please don't get offended if my assumptions are wrong in some of it (they quite likely are):


 * Use "cp -p" instead of just "cp" when backing up old files
 * Write both copyright and licensing info (a cow is _not_ enough ;-) )
 * Use "set -e" in shell scripts to fail on errors
 * Avoid piping to /dev/null - it might be crucial warnings you hide
   - instead (for bin/krbuser) implement --silent option
 * Avoid hardcoding -x when debugging - instead use "sh -x script.sh"
 * In perl use 'system "echo" $arg' instead of 'system "echo $arg"'
 * Why hide common functions? Just don't make it executable
 * Use mktemp instead of a hardcoded static secret tempdir
 * Use /bin/sh instead of /bin/bash if at all possible
 * postinst must be idempotent: Try configure twice...
 * Remove irrelevant parts of debian/rules
 * Seems you have old code in debian-edu-krb5-0.1 subfolder


 - Jonas

--
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 - Enden er nær: http://www.shibumi.org/eoti.htm



Reply to: