pkgsrc/security/kstart/Makefile

# $NetBSD: Makefile,v 1.6 2020/05/31 09:36:44 rillig Exp $

DISTNAME=	kstart-4.2
CATEGORIES=	sysutils
MASTER_SITES=	http://archives.eyrie.org/software/kerberos/

MAINTAINER=	jakllsch@NetBSD.org
HOMEPAGE=	https://www.eyrie.org/~eagle/software/kstart/
COMMENT=	Kerberos v5 kinit daemon that uses keytabs
LICENSE=	mit

GNU_CONFIGURE=	yes

CONFIGURE_ARGS+=	--enable-setpag

# As the NetBSD base system doesn't ship with afslog
# and pkgsrc heimdal and pkgsrc openafs conflict;
# the path to (ak|afs)log is configurable.

BUILD_DEFS+= KSTART_PATH_AKLOG
KSTART_PATH_AKLOG?= ${PREFIX}/bin/afslog
.include "../../mk/bsd.prefs.mk"
CONFIGURE_ARGS+=	--with-aklog=${KSTART_PATH_AKLOG:Q}

.include "../../mk/krb5.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
security/kstart: remove unknown configure option 2020-05-31 11:36:44 +02:00			`# $NetBSD: Makefile,v 1.6 2020/05/31 09:36:44 rillig Exp $`
Import kstart-3.16. k5start, and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining a ticket cache until that command completes, obtaining AFS tokens (via an external aklog) after obtaining tickets, and creating an AFS PAG for a command. They are primarily useful in conjunction with long-running jobs; for moving ticket handling code out of servers, cron jobs, or daemons; and to obtain tickets and AFS tokens with a single command. 2010-04-15 22:23:03 +02:00
kstart: update to 4.2 k5start, when run with the -K option to run as a daemon, no longer exits if the initial authentication fails (unless -x was given). Instead, it reports the error to standard error and then continues to run, attempting authentication every minute as if authentication had failed after it had started. For both k5start with a command or -K and no -x flag, and krenew with the -i flag, repeatedly retry the initial authentication. The first retry will be immediate, and then the commands will keep trying with exponential backoff to one minute intervals, and then continuously at one minute intervals until the command is killed or authentication succeeds. k5start and krenew will no longer start any other command until the initial authentication succeeds, fixing startup behavior when running a command that must have valid Kerberos tickets immediately on start. Clean up the temporary ticket cache on k5start failure if -o, -g, or -m were given. The -H flag to k5start or krenew may now be used in conjunction with -K and controls whether the ticket is renewed when the command wakes up. Normally, the ticket will be renewed if it will expire sooner than two minutes after the next time the command will wake up. If -H is specified, its value replaces the default value of two minutes. Add a new -a option to both k5start and krenew that, when used with -K, tells those programs to refresh tickets every time they wake up. This is useful with -t to ensure that the AFS token renewal program is always run, even if something else renews the ticket cache before k5start or krenew wake up. It also provides more predictable ticket refresh behavior. This probably should have been the default with -K from the beginning, but the default wasn't changed to keep backward compatibility. Consider always using -a with -K. Fix k5start and krenew to not incorrectly reject the -b flag in conjunction with -K or a command. 2020-05-22 07:27:06 +02:00			`DISTNAME= kstart-4.2`
Import kstart-3.16. k5start, and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining a ticket cache until that command completes, obtaining AFS tokens (via an external aklog) after obtaining tickets, and creating an AFS PAG for a command. They are primarily useful in conjunction with long-running jobs; for moving ticket handling code out of servers, cron jobs, or daemons; and to obtain tickets and AFS tokens with a single command. 2010-04-15 22:23:03 +02:00			`CATEGORIES= sysutils`
			`MASTER_SITES= http://archives.eyrie.org/software/kerberos/`

			`MAINTAINER= jakllsch@NetBSD.org`
Follow some http redirects. 2017-08-16 22:21:03 +02:00			`HOMEPAGE= https://www.eyrie.org/~eagle/software/kstart/`
Import kstart-3.16. k5start, and krenew are modified versions of kinit which add support for running as a daemon to maintain a ticket cache, running a command with credentials from a keytab and maintaining a ticket cache until that command completes, obtaining AFS tokens (via an external aklog) after obtaining tickets, and creating an AFS PAG for a command. They are primarily useful in conjunction with long-running jobs; for moving ticket handling code out of servers, cron jobs, or daemons; and to obtain tickets and AFS tokens with a single command. 2010-04-15 22:23:03 +02:00			`COMMENT= Kerberos v5 kinit daemon that uses keytabs`
			`LICENSE= mit`

			`GNU_CONFIGURE= yes`

			`CONFIGURE_ARGS+= --enable-setpag`

			`# As the NetBSD base system doesn't ship with afslog`
			`# and pkgsrc heimdal and pkgsrc openafs conflict;`
			`# the path to (ak\|afs)log is configurable.`

			`BUILD_DEFS+= KSTART_PATH_AKLOG`
			`KSTART_PATH_AKLOG?= ${PREFIX}/bin/afslog`
			`.include "../../mk/bsd.prefs.mk"`
			`CONFIGURE_ARGS+= --with-aklog=${KSTART_PATH_AKLOG:Q}`

			`.include "../../mk/krb5.buildlink3.mk"`
			`.include "../../mk/bsd.pkg.mk"`