[krbdev.mit.edu #2087] undocumented options for kpropd

mooney@dogbert.cc.ndsu.NoDak.edu via RT rt-comment at krbdev.mit.edu
Tue Dec 23 18:20:18 EST 2003 


While setting up kpropd on a machine that is going to act as a secondary
KDC for multiple realms, I needed a way to specify a location to the
realm-specific kpropd.acl.

I found it in the `-a acl_file' option to kpropd, but it turns out that
option is not documented in the kpropd man page.  I have a patch that adds
some verbiage about the option.

I also noticed that `-s srvtab' is not documented in the man page, but I'm
not certain what the right verbiage is to include in the man page, so I
have not added that.  If someone wants to give me a short blurb with what
the man page would say, I'll doctor up the man page to include that too.

Finally, the parsing of the `-a' option in kpropd.c has a minor formatting
issue, so that the

	case 'a':

appears indented too far (it's hiding under the "case 'S':", and is easy
to miss).  This doesn't affect functionality at all, it only affects
people viewing the source.

Tim
-- 
Tim Mooney                              mooney at dogbert.cc.ndsu.NoDak.edu
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J6, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164


diff -ur krb5-1.3.1.orig/src/slave/kpropd.M krb5-1.3.1/src/slave/kpropd.M
--- krb5-1.3.1.orig/src/slave/kpropd.M	2001-09-24 18:09:24.000000000 -0500
+++ krb5-1.3.1/src/slave/kpropd.M	2003-12-23 16:45:53.000000000 -0600
@@ -119,11 +119,19 @@
 .I kpropd
 to listen on. This is only useful if the program is run in standalone
 mode.
+.TP
+.B \-a
+allows the user to specify the path to the
+.IR kpropd.acl
+file; by default the path used is KPROPD_ACL_FILE
+(normally /usr/local/var/krb5kdc/kpropd.acl).
 .SH FILES
 .TP "\w'kpropd.acl\ \ 'u"
 kpropd.acl
 Access file for
-.BR kpropd .
+.BR kpropd
+, the default location is KPROPD_ACL_FILE (normally
+/usr/local/var/krb5kdc/kpropd.acl).
 Each entry is a line containing the principal of a host from which the
 local machine will allow Kerberos database propagation via kprop.
 .SH SEE ALSO
diff -ur krb5-1.3.1.orig/src/slave/kpropd.c krb5-1.3.1/src/slave/kpropd.c
--- krb5-1.3.1.orig/src/slave/kpropd.c	2001-12-06 13:02:05.000000000 -0600
+++ krb5-1.3.1/src/slave/kpropd.c	2003-12-23 17:01:28.000000000 -0600
@@ -478,7 +478,7 @@
 				case 'S':
 					standalone++;
 					break;
-				   case 'a':
+				case 'a':
 					if (*word)
 					     acl_file_name = word;
 					else

More information about the krb5-bugs mailing list