[Bug 205146] [patch] Kerberos section of Handbook is inconsistent with system

2016-02-24 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205146

Jason Helfman  changed:

   What|Removed |Added

 CC||j...@freebsd.org
   Assignee|freebsd-doc@FreeBSD.org |j...@freebsd.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-doc@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"

[Bug 205146] [patch] Kerberos section of Handbook is inconsistent with system

2015-12-08 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205146

Bug ID: 205146
   Summary: [patch] Kerberos section of Handbook is inconsistent
with system
   Product: Documentation
   Version: Latest
  Hardware: Any
OS: Any
Status: New
  Keywords: patch
  Severity: Affects Many People
  Priority: ---
 Component: Documentation
  Assignee: freebsd-doc@FreeBSD.org
  Reporter: ke...@bostoncrypto.com
  Keywords: patch

Created attachment 163997
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=163997=edit
Patch for Security Chapter of Handbook

I have found that there are several inconsistencies between the Kerberos
setup instructions of the handbook and the behavior of STABLE and
CURRENT, due to renamed daemons, rc scripts, etc.

Using the rc.conf variables suggested in the Handbook results in the
following warnings:

"/etc/rc.d/kadmind: WARNING: $kadmind5_server_enable is obsolete.  Use
$kadmind_enable instead.
/etc/rc.d/kadmind: WARNING: $kerberos5_server_enable is obsolete.  Use
$kdc_enable instead."

Furthermore, even attempting to start the service with
"service kerberos enable", as suggested in the Handbook, simply fails with
"kerberos does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)"

I believe Bug ID 204788 also complains of at least some of these
problems, and I am attaching a patch which I believe fixes at least those
issues I mention above.

Furthermore, the man page for rc.conf would also appear to be out of 
date; no mention of the "kdc_enable" option is made, even though that
would seem to be the correct way to enable the Heimdal server included
in base.  However, while the presence of "kerberos5_server_enable" would
seem to be outdated, according to warnings as quoted above, the variable
"kerberos5_server", which can assign an arbitrary path to a daemon of
choice, might keep the presence of this option relevant.  A similar 
argument could be made for "kadmind5_server_enable" and 
"kadmind5_server".

So, while I think "kdc_enable" and "kadmind_enable" should certainly be
added to the man page, I am not sure whether they should replace or
merely augment the current options.  I'll be happy to submit a patch if
someone can offer me guidance in this regard.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-doc@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"

[Bug 205146] [patch] Kerberos section of Handbook is inconsistent with system

2015-12-08 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205146

Benjamin Kaduk  changed:

   What|Removed |Added

 Status|New |Open
 CC||b...@freebsd.org

--- Comment #1 from Benjamin Kaduk  ---
(In reply to Kevin Kammer from comment #0)

The Handbook attempts to document all supported versions of FreeBSD, and for
quite some time after the addition of the kdc_enable and kadmind_enable
settings in rc.conf on HEAD, they were not available in the 8.x series which
remained in support.  Since the old forms still worked, I ended up not updating
the handbook the last time I looked at this issue, since crafting text to cover
different behavior on different versions is difficult and can be confusing to
the reader.  I think at this point, though, all supported versions can use the
new syntax, so we should go ahead with this change; thanks for putting together
the patch.

With respect to the manual page, please feel free to compose a patch that uses
{kdc,kadmind}_enable to replace the previous versions.  If you do, it should
probably go in a separate bug entry.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-doc@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"