debian/changelog

@@ -5,6 +5,15 @@ debian-edu-config (2.10.39) UNRELEASED; urgency=medium
   * cf3/cf.grub: Adjust configuration for systems with profile 'Minimal'. Keep
     legacy interface names to ensure easier configuration as a gateway; don't
     run 'plymouth-set-default-theme', plymouth isn't used on a minimal system.
+  * Improve scripts needed for kerberized NFS.
+    - share/debian-edu-config/tools/gosa-remove-host:
+      + Make host principals and keytab file removal conditional; this is needed
+        in case a system accidentally added via sitesummary2ldapdhcp is removed
+        without any modification applied.
+    - share/debian-edu-config/tools/gosa-modify-host:
+      + Also create nfs principal for the modified host.
+      + Remove leftover principals and keytab file belonging to modified host.
+      + Add logging statement.
 
  -- Wolfgang Schweer <wschweer@arcor.de>  Sun, 30 Sep 2018 23:35:05 +0200
 

share/debian-edu-config/tools/gosa-modify-host

@@ -10,7 +10,22 @@ HOST="$1"
 /usr/share/debian-edu-config/tools/gosa-create-host $HOST
 kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
 kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
+kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+logger -t gosa-modify-host -p notice Krb5 keytab file for \'$HOST\' created.
+
 # update services:
 /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
 
+# cleanup from leftover host principals and keytab file:
+for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
+    if slapcat | grep $i | grep -q dhcp ; then
+	    :
+	else
+		kadmin.local delprinc host/$i.intern@INTERN
+		kadmin.local delprinc nfs/$i.intern@INTERN
+		rm /etc/debian-edu/host-keytabs/$i.intern.keytab
+    fi
+done
+
 exit 0

share/debian-edu-config/tools/gosa-remove-host

@@ -12,10 +12,12 @@ set -ex
 HOST="$1"
 
 ## delete host's nfs principal and keytab file;
+if $(kadmin.local listprincs | grep -q $HOST) ; then
     for i in $(kadmin.local listprincs | grep $HOST) ; do
         kadmin.local delprinc $i
     done
     rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
+fi
 #
 
 # update services: