Date: | Tue, 23 Dec 2003 17:20:10 -0600 (CST) |
From: | Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> |
To: | krb5-bugs@mit.edu |
Subject: | undocumented options for kpropd |
While setting up kpropd on a machine that is going to act as a secondary
KDC for multiple realms, I needed a way to specify a location to the
realm-specific kpropd.acl.
I found it in the `-a acl_file' option to kpropd, but it turns out that
option is not documented in the kpropd man page. I have a patch that adds
some verbiage about the option.
I also noticed that `-s srvtab' is not documented in the man page, but I'm
not certain what the right verbiage is to include in the man page, so I
have not added that. If someone wants to give me a short blurb with what
the man page would say, I'll doctor up the man page to include that too.
Finally, the parsing of the `-a' option in kpropd.c has a minor formatting
issue, so that the
case 'a':
appears indented too far (it's hiding under the "case 'S':", and is easy
to miss). This doesn't affect functionality at all, it only affects
people viewing the source.
Tim
--
Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
diff -ur krb5-1.3.1.orig/src/slave/kpropd.M krb5-1.3.1/src/slave/kpropd.M
--- krb5-1.3.1.orig/src/slave/kpropd.M 2001-09-24 18:09:24.000000000 -0500
+++ krb5-1.3.1/src/slave/kpropd.M 2003-12-23 16:45:53.000000000 -0600
@@ -119,11 +119,19 @@
.I kpropd
to listen on. This is only useful if the program is run in standalone
mode.
+.TP
+.B \-a
+allows the user to specify the path to the
+.IR kpropd.acl
+file; by default the path used is KPROPD_ACL_FILE
+(normally /usr/local/var/krb5kdc/kpropd.acl).
.SH FILES
.TP "\w'kpropd.acl\ \ 'u"
kpropd.acl
Access file for
-.BR kpropd .
+.BR kpropd
+, the default location is KPROPD_ACL_FILE (normally
+/usr/local/var/krb5kdc/kpropd.acl).
Each entry is a line containing the principal of a host from which the
local machine will allow Kerberos database propagation via kprop.
.SH SEE ALSO
diff -ur krb5-1.3.1.orig/src/slave/kpropd.c krb5-1.3.1/src/slave/kpropd.c
--- krb5-1.3.1.orig/src/slave/kpropd.c 2001-12-06 13:02:05.000000000 -0600
+++ krb5-1.3.1/src/slave/kpropd.c 2003-12-23 17:01:28.000000000 -0600
@@ -478,7 +478,7 @@
case 'S':
standalone++;
break;
- case 'a':
+ case 'a':
if (*word)
acl_file_name = word;
else