blob: 9347ed0db1b8a5338dcf9eab8b3266bb389510e0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
#!/bin/sh
kdc_conf_dir=/usr/local/var/krb5kdc
kdc_master_key_path="${kdc_conf_dir}/master_key"
: ${kdc_max_life:='24h'}
: ${kdc_max_renewable_life:='7d'}
# Install MIT kerberos.
pkg install -y krb5
# Generate the system kerberos configuration.
install_template -m 0644 /etc/krb5.conf
ln -snfv /etc/krb5.conf /usr/local/etc/krb5.conf
# Generate KDC configuration files.
install_template -m 0644 \
"${kdc_conf_dir}/kdc.conf" \
"${kdc_conf_dir}/kadm5.acl"
# If the realm does not exist in LDAP, create it. Otherwise, stash the master key.
if is_primary_server && ! ldap_dn_exists "$kdc_basedn"; then
kdb5_ldap_util -P "$kdc_master_key" create -subtrees "$accounts_basedn" -sscope SUB -s
elif ! [ -f "$kdc_master_key_path" ]; then
kdb5_util -P "$kdc_master_key" stash
fi
# Start the KDC and kadmind.
sysrc -v \
kdc_program=/usr/local/sbin/krb5kdc \
kadmind_program=/usr/local/sbin/kadmind \
kdc_flags="" \
kdc_enable=YES \
kadmind_enable=YES
service kdc restart
service kadmind restart
|
