#!/bin/sh
#
# kadmind	Kerberos V5 administrative service
#
# chkconfig:	35 41 41
#
# description:	kadmind is a Kerberos V5 administrative server which \
#		should only be run on the master server for a realm.
#
# processname: kadmind

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

KERBEROS_DATABASE=/var/lib/kerberos/krb5kdc/principal
KERBEROS_KPROPD_ACL_FILE=/var/lib/kerberos/krb5kdc/kpropd.acl
KERBEROS_KADM_KEYTAB_FILE=/var/lib/kerberos/krb5kdc/kadm5.keytab

# Get service config - may override defaults
[ -f /etc/sysconfig/kerberos ] && . /etc/sysconfig/kerberos

# Check that networking is up.
if is_yes "${NETWORKING}"; then
        if [ ! -f /var/lock/subsys/network ]; then
                msg_network_down "Kerberos V5 Administrative Server"
                exit 1
        fi
else
        exit 0
fi


# See how we were called.
case "$1" in
  start)
        if [ ! -f "$KERBEROS_DATABASE" ] ; then
	    # It MAY be in LDAP
	    if ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ; then
                cat << END_OF_MSG
Kerberos database could not be found in $KERBEROS_DATABASE!
You have to create Kerberos database prior to running administrative server.
This can be done with:
kdb5_util create -r <kerberos_realm> -s -d $KERBEROS_DATABASE

See kdb5_util(8) for more information.
END_OF_MSG

        	exit 1
	    fi
        fi
        if [ -f "$KERBEROS_KPROPD_ACL_FILE" ] ; then
		show "This service should only be run on the master server for a realm!"
        	exit 1
        fi
        if [ ! -f "$KERBEROS_KADM_KEYTAB_FILE" ] ; then
        	show "Extracting Service Keys"
        	kadmin.local -q "ktadd -k $KERBEROS_KADM_KEYTAB_FILE kadmin/admin kadmin/changepw" > /dev/null
		RETVAL=$?
		if  [ $RETVAL -eq 0 ]; then
			ok
		else
			fail
			exit 1
		fi
        fi

        # Check if the service is already running?
        if [ ! -f /var/lock/subsys/kadmind ]; then
                msg_starting "Kerberos V5 Administrative Server"
                daemon kadmind ${KERBEROS_REALM:+-r ${KERBEROS_REALM}} $KADMIND_ARGS
                RETVAL=$?
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/kadmind
        else
                msg_already_running "Kerberos V5 Administrative Server"
        fi
        ;;
  stop)
        if [ -f /var/lock/subsys/kadmind ]; then
                msg_stopping "Kerberos V5 Administrative Server"
                killproc kadmind
                rm -f /var/lock/subsys/kadmind
        else
                msg_not_running "Kerberos V5 Administrative Server"
        fi
        ;;
  restart)
        $0 stop
        $0 start
        exit $?
        ;;
  reload|force-reload)
        if [ -f /var/lock/subsys/kadmind ]; then
                msg_reloading "Kerberos V5 Administrative Server"
                killproc kadmind -HUP
                RETVAL=$?
        else
                msg_not_running "Kerberos V5 Administrative Server" >&2
                RETVAL=7
        fi
        ;;
  status)
        status kadmind
        RETVAL=$?
        ;;
  *)
        msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
        exit 3
esac

exit $RETVAL

# This must be last line !
# vi:syntax=sh:tw=78:ts=8:sw=4
