#!/bin/bash

#

# krb5kdc      Start and stop the Kerberos 5 servers.

#

# chkconfig:   - 35 65

# description: Kerberos 5 is a trusted third-party authentication system.  \

#	       This script starts and stops the server that Kerberos 5 \

#	       clients need to connect to in order to obtain credentials.

# processname: krb5kdc

# config: /etc/sysconfig/krb5kdc

# pidfile: /var/run/krb5kdc.pid

#

### BEGIN INIT INFO

# Provides: krb5kdc

# Required-Start: $local_fs $network

# Required-Stop: $local_fs $network

# Should-Start: portreserve

# Default-Start:

# Default-Stop: 0 1 2 3 4 5 6

# Short-Description: start and stop the Kerberos 5 KDC

# Description: The krb5kdc is the Kerberos 5 key distribution center, which \

#              issues credentials to Kerberos 5 clients.

### END INIT INFO

# Get config.

. /etc/sysconfig/network

# Get config.

[ -r /etc/sysconfig/krb5kdc ] && . /etc/sysconfig/krb5kdc

# Source function library.

. /etc/rc.d/init.d/functions

RETVAL=0

prog="Kerberos 5 KDC"

krb5kdc=/usr/sbin/krb5kdc

pidfile=/var/run/krb5kdc.pid

PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH"

# Shell functions to cut down on useless shell instances.

start() {

	[ -x $krb5kdc ] || exit 5

	# check that some of the basic principal names don't only have weak

	# keys available. if they do, warn that they should be changed to

	# get some keys for stronger ciphers added

	if ! is_false "$KRB5CHECKWEAK" ; then

		localhost=`hostname`

		for principal in `kdb_check_weak -p "krbtgt/${KRB5REALM:+${KRB5REALM}@${KRB5REALM}}" "kadmin/admin${KRB5REALM:+@${KRB5REALM}}" "kadmin/changepw${KRB5REALM:+@${KRB5REALM}}" "kadmin/$localhost${KRB5REALM:+@${KRB5REALM}}"` ; do

			echo -n "Keys for $principal should be changed to include keys for non-weak ciphers." ; warning ; echo ""

		done

	fi

	echo -n $"Starting $prog: "

	# tell portreserve to release the kerberos-iv port

	[ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :

	daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} -P $pidfile $KRB5KDC_ARGS

	RETVAL=$?

	echo

	if test $RETVAL -ne 0 ; then

	    if status ${krb5kdc} > /dev/null ; then

		RETVAL=0

	    fi

	fi

	[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc

}

stop() {

	echo -n $"Stopping $prog: "

	killproc ${krb5kdc}

	RETVAL=$?

	echo

	[ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb5kdc

}

reload() {

	echo -n $"Reopening $prog log file: "

	killproc ${krb5kdc} -HUP

        RETVAL=$?

	echo

}

# See how we were called.

case "$1" in

  start)

	start

	;;

  stop)

	stop

	;;

  restart)

	stop

	start

	;;

  reload)

        reload

        ;;

  status)

	status ${krb5kdc}

        RETVAL=$?

	;;

  condrestart)

	if [ -f /var/lock/subsys/krb5kdc ] ; then

		stop

		start

	fi

	;;

  *)

	echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"

	RETVAL=2

	;;

esac

exit $RETVAL