#! /bin/sh
# Copyright (c) 1995-2002 SuSE LINUX Products GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Michael Calmer <Michael.Calmer@suse.de>
#
# /etc/init.d/kadmind
#
### BEGIN INIT INFO
# Provides:          kadmind 
# Required-Start:    $syslog $remote_fs krb5kdc
# Should-Start: $time
# Required-Stop:     $syslog $remote_fs krb5kdc
# Should-Stop: $time
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Start and stop the Kerberos 5 administrative server.
# Description:       Kerberos 5 is a trusted third-party authentication system. 
#              This script starts and stops the Kerberos 5 administrative 
#              server, which should only be run on the master server for a 
#              realm.
### END INIT INFO

#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig:   35 35 65
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#

# Service name shown in the status messages printed by this script.
prog='Kerberos 5 Admin Server'
# Daemon binary, and the directory this script inspects for the principal
# database, kpropd.acl and kadm5.keytab.
kadmind='/usr/lib/mit/sbin/kadmind'
krbdir='/var/lib/kerberos/krb5kdc'

RETVAL=0
# Expected to define the rc_* helpers used below (rc_reset, rc_status,
# rc_failed, rc_exit) as well as startproc/killproc/checkproc wrappers or
# their environment -- TODO confirm against the installed rc.status.
. /etc/rc.status

# Reset status of this service
rc_reset

# Site configuration. The file is executed by this shell with the privileges
# of the init script, and whatever it assigns (KADMIND_ARGS, or even the
# kadmind/krbdir values set above) is used by the functions below. Keep it
# owned by root and not writable by any other account.
. /etc/sysconfig/kadmind

# Shell functions to cut down on useless shell instances.
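# Start kadmind, but only where this host looks like the realm's master KDC.
#
# Globals (read): krbdir, kadmind, prog, KADMIND_ARGS
# Outputs:        progress and error messages on stdout
# Returns:        the status rc_status records for startproc; each failed
#                 precondition calls rc_failed, rc_status -v and rc_exit
#                 instead of starting the daemon.
start() {
    # krbdir can be replaced by /etc/sysconfig/kadmind. Left unquoted, a value
    # containing whitespace turns each [ -f ... ] below into a test error that
    # is treated as "false", so the database and replica checks would be
    # skipped without any message. Every path built from it is quoted.
    if [ ! -f "$krbdir/principal" ]; then
        # Make an educated guess -- if they're using kldap somewhere,
        # then we don't know for sure that this is an error.
        if ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf; then
            echo "Error. Default principal database does not exist."
            rc_failed 6
            rc_status -v
            rc_exit
        fi
    fi

    if [ -f "$krbdir/kpropd.acl" ]; then
        # kpropd.acl is taken as the sign of a replica; the admin server is
        # refused there rather than started next to a propagated database.
        echo "This seems to be a slave server, found kpropd.acl"
        rc_failed 6
        rc_status -v
        rc_exit
    elif [ ! -f "$krbdir/kadm5.keytab" ]; then
        # No keytab yet: have kadmin.local write the kadmin/admin and
        # kadmin/changepw keys into one.
        # NOTE(review): this file holds long-term service keys; confirm it
        # ends up readable by root only.
        # NOTE(review): the path travels inside kadmin's own query string, so
        # whitespace in krbdir is presumably still split by kadmin's parser;
        # that case is not handled here.
        echo "Extracting kadm5 Service Keys: "
        if ! /usr/lib/mit/sbin/kadmin.local -q "ktadd -k $krbdir/kadm5.keytab kadmin/admin kadmin/changepw"; then
            echo "Extracting failed"
            rc_failed 1
            rc_status -v
            rc_exit
        fi
    fi

    echo -n "Starting $prog"
    # KADMIND_ARGS is deliberately left unquoted: it is a list of options
    # from the sysconfig file and has to be split into separate words.
    # shellcheck disable=SC2086
    startproc "$kadmind" $KADMIND_ARGS
    # Remember status and be verbose
    rc_status -v
}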
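# Stop the admin server by sending it SIGTERM through killproc.
#
# Globals (read): prog, kadmind
# Outputs:        "Stopping ..." on stdout, completed by rc_status -v
stop() {
    echo -n "Stopping $prog"
    # Quoted so that a daemon path overridden in the sysconfig file reaches
    # killproc as one argument even if it contains whitespace.
    killproc -TERM "$kadmind"

    # Remember status and be verbose
    rc_status -v
}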
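# Send SIGHUP to the running admin server.
#
# Globals (read): prog, kadmind
# Outputs:        "Reload service ..." on stdout, completed by rc_status -v
reload() {
    echo -n "Reload service $prog"
    # Signal option first, executable last: the same order stop() uses and
    # the form given in killproc's synopsis. The path is quoted so it stays
    # a single argument.
    killproc -HUP "$kadmind"

    # Remember status and be verbose
    rc_status -v
}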

# See how we were called.
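case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        # Each phase runs in a fresh instance of this script.
        "$0" stop
        "$0" start
        # Remember the status of the start phase and be quiet (the child has
        # already printed its own result). Without this call nothing records
        # the child's exit status before rc_exit, and try-restart, which goes
        # through restart, would not see a failed start either.
        rc_status
        ;;
  status)
        echo -n "Checking for service $prog"
        checkproc "$kadmind"

        rc_status -v
        ;;
  reload|force-reload)
        reload
        ;;
  try-restart)
        # Restart only when the service is currently running.
        if "$0" status; then
                "$0" restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
  *)
        echo "Usage: $0 {start|stop|status|try-restart|reload|restart}"
        exit 1
        ;;
esac
rc_exit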
