NOTE: Special care is required with this patch. Specifically, it needs
to be synchronized with this patch: https://github.com/krb5/krb5/pull/45

The background here is the desire of SELinux folks to move the sockets
into /run. MIT has agreed to use the new runstatedir in autoconf git
master (soon to be 2.70). This change has been applied upstream and will
be part of the 1.13 release. The major downside is that this patch is
backwards incompatible.

In the interest of making backwards incompatible changes as quickly as
possible before increased adoption, Nalin and I have agreed to backport
this patch to rawhide. We are also strongly considering a backport to
F20.

Nathaniel
>From 887caa082f70aa726aacb4e969c168f8b58bc987 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Fri, 7 Feb 2014 11:56:33 -0500
Subject: [PATCH] Move ipa-otpd socket directory

https://fedorahosted.org/freeipa/ticket/4167
---
 daemons/configure.ac                | 6 +++---
 daemons/ipa-otpd/Makefile.am        | 2 +-
 daemons/ipa-otpd/ipa-otpd.socket.in | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 3cdb9384c116e73a19c605a3c9401661772cf4d1..b4507a6d972f854331925e72869898576bdfd76f 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -60,10 +60,10 @@ AC_CHECK_LIB(k5crypto, main, [krb5crypto=k5crypto], [krb5crypto=crypto])
 AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
 KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"
 KRAD_LIBS="-lkrad"
-krb5kdcdir="${localstatedir}/kerberos/krb5kdc"
+krb5rundir="${localstatedir}/run/krb5kdc"
 AC_SUBST(KRB5_LIBS)
 AC_SUBST(KRAD_LIBS)
-AC_SUBST(krb5kdcdir)
+AC_SUBST(krb5rundir)
 
 dnl ---------------------------------------------------------------------------
 dnl - Check for Mozilla LDAP and OpenLDAP SDK
@@ -339,7 +339,7 @@ echo "
         sysconfdir:               ${sysconfdir}
         localstatedir:            ${localstatedir}
         datadir:                  ${datadir}
-        krb5kdcdir:               ${krb5kdcdir}
+        krb5rundir:               ${krb5rundir}
         systemdsystemunitdir:     ${systemdsystemunitdir}
         source code location:     ${srcdir}
         compiler:                 ${CC}
diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index af82a5fe08856573d2d245608ba1dbaad171c7fe..83921748426d801e1edeec23f956689be5fe98b5 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -9,7 +9,7 @@ systemdsystemunit_DATA = ipa-otpd.socket ipa-otpd@.service
 ipa_otpd_SOURCES = bind.c forward.c main.c parse.c query.c queue.c stdio.c
 
 %.socket: %.socket.in
-	@sed -e 's|@krb5kdcdir[@]|$(krb5kdcdir)|g' \
+	@sed -e 's|@krb5rundir[@]|$(krb5rundir)|g' \
 	     -e 's|@UNLINK[@]|@UNLINK@|g' \
 	     $< > $@
 
diff --git a/daemons/ipa-otpd/ipa-otpd.socket.in b/daemons/ipa-otpd/ipa-otpd.socket.in
index b968beaa7b9e68c43b2c5386b62c096fa8b97764..ce3596d9f01b26e3e8bd63f447f85a486c8e0dff 100644
--- a/daemons/ipa-otpd/ipa-otpd.socket.in
+++ b/daemons/ipa-otpd/ipa-otpd.socket.in
@@ -2,8 +2,8 @@
 Description=ipa-otpd socket
 
 [Socket]
-ListenStream=@krb5kdcdir@/DEFAULT.socket
-ExecStopPre=@UNLINK@ @krb5kdcdir@/DEFAULT.socket
+ListenStream=@krb5rundir@/DEFAULT.socket
+ExecStopPre=@UNLINK@ @krb5rundir@/DEFAULT.socket
 SocketMode=0600
 Accept=true
 
-- 
1.8.5.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to