Support GLITE_GSS_MECH in startup scripts - using Kerberos environment variables...
authorFrantišek Dvořák <valtri@civ.zcu.cz>
Tue, 19 Jun 2012 14:38:50 +0000 (14:38 +0000)
committerFrantišek Dvořák <valtri@civ.zcu.cz>
Tue, 19 Jun 2012 14:38:50 +0000 (14:38 +0000)
org.glite.lb.logger/config/startup
org.glite.lb.server/config/startup

index 5032daf..3d4a673 100755 (executable)
@@ -42,9 +42,12 @@ LL_PIDFILE=${LL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-logd.pid}
 IL_PIDFILE=${IL_PIDFILE:-$GLITE_LB_LOCATION_VAR/glite-lb-interlogd.pid}
 IL_SOCKFILE=/tmp/interlogger.sock
 
+KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'}
+KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'}
+
 lockfile=/var/lock/glite-lb-locallogger
 
-unset creds port log4c
+unset creds port env
 
 start_daemon()
 {
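Review bot: The two Kerberos defaults are added without a comment, and their effect is not obvious here: no `export` is visible in this hunk, and they reach the daemons only through the `env` string that start() builds when `GLITE_GSS_MECH` is `krb5`. I would add above them `# Kerberos keytab and credential cache passed to the daemons when GLITE_GSS_MECH=krb5 (see start()); set them before this point to override.` The variable in `unset creds port env` also shares its name with the env(1) utility, so a name such as `daemon_env` would read less ambiguously. The same applies to the matching hunk in org.glite.lb.server/config/startup; start_daemon's body continues outside this hunk.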
@@ -67,7 +70,7 @@ start_daemon()
                fi
        fi
        echo -n "Starting $name ..."
-       su - $GLITE_USER -c "$log4c $cmd"
+       su - $GLITE_USER -c "$env $cmd"
 
        if [ $? -eq 0 ]; then
                echo " done"
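Review bot: The command string handed to `su -c` on the changed line now carries `KRB5_KTNAME` and `KRB5CCNAME`, which start() wraps in literal single quotes (`env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'"`), so a value containing a single quote closes the quoting and the remainder is parsed as shell by the `$GLITE_USER` login shell. Both variables are taken from the caller when already set (`${KRB5_KTNAME:-...}`), so I would reject such values in the krb5 branch before building the string, e.g. `case "$KRB5_KTNAME$KRB5CCNAME" in *\'*) echo "$0: quote character in KRB5_KTNAME/KRB5CCNAME" >&2; return 1;; esac`. The same pattern appears in the start_daemon() and start() hunks of org.glite.lb.server/config/startup. start_daemon begins and ends outside this hunk.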
@@ -120,24 +123,28 @@ start()
                return 1
        fi
 
-       [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
-               creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+       env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
 
-       if test -z "$creds"; then
-               if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
-                       echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
-                       creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+       if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then
+               env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'"
+       else
+               [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+                       creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+
+               if test -z "$creds"; then
+                       if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+                               echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+                               creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+                       fi
                fi
-       fi
 
-       [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+               [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+       fi
 
        [ -n "$GLITE_LB_LOGGER_PORT" ] && port="--port $GLITE_LB_LOGGER_PORT"
        [ -n "$GLITE_LB_IL_SOCK" ] && sock="--socket $GLITE_LB_IL_SOCK"
        [ -n "$GLITE_LB_IL_FPREFIX" ] && fprefix="--file-prefix $GLITE_LB_IL_FPREFIX"
 
-       log4c="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
-
        mkdir -p /var/glite/log 
        chown $GLITE_USER /var/glite/log
         (cd /tmp && ls -f /tmp |grep ^dglogd_sock_ |xargs rm -f)
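Review bot: The krb5 branch never checks that the keytab is present and readable by `$GLITE_USER`, while the else branch probes hostkey.pem with `su - $GLITE_USER -c "test -r ..."` and warns on stderr when no credentials are found. With a missing or unreadable keytab the script would still print " done" as long as the daemon forks, and the failure would presumably surface only in the daemon's own log. I would add a matching probe in the krb5 branch, once the value has been checked for quote characters: `kt=${KRB5_KTNAME#FILE:}` followed by `su - $GLITE_USER -c "test -r '$kt'" || echo "$0: WARNING: keytab $kt not readable by $GLITE_USER" >&2`. The start() hunk in org.glite.lb.server/config/startup has the same gap; start() begins and ends outside this hunk.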
index 023b74b..3c94508 100755 (executable)
@@ -58,9 +58,12 @@ if [ -f "$msgconf" ]; then
        GLITE_LB_SERVER_OTHER_OPTIONS="$GLITE_LB_SERVER_OTHER_OPTIONS -F $msgconf"
 fi
 
+KRB5_KTNAME=${KRB5_KTNAME:-'FILE:/var/glite/krb5kt_lb'}
+KRB5CCNAME=${KRB5CCNAME:-'FILE:/var/glite/krb5cc_lb'}
+
 lockfile=/var/lock/glite-lb-bkserverd
 
-unset creds port log4c
+unset creds port env
 
 start_daemon()
 {
@@ -83,7 +86,7 @@ start_daemon()
                fi
        fi
        echo -n "Starting $name ..."
-       su - $GLITE_USER -c "$log4c $cmd"
+       su - $GLITE_USER -c "$env $cmd"
 
        if [ $? -eq 0 ]; then
                echo " done"
@@ -157,17 +160,23 @@ start()
                return 1
        fi
 
-       [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
-               creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+       env="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
+
+       if [ x"$GLITE_GSS_MECH" = x"krb5" ]; then
+               env="$env KRB5_KTNAME='$KRB5_KTNAME' KRB5CCNAME='$KRB5CCNAME'"
+       else
+               [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+                       creds="-c $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
 
-       if test -z "$creds"; then
-               if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
-                       echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
-                       creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+               if test -z "$creds"; then
+                       if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+                               echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+                               creds="-c /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+                       fi
                fi
-       fi
 
-       log4c="LOG4C_RCPATH='$GLITE_LB_LOCATION_ETC/glite-lb'"
+               [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+       fi
 
        policy="$GLITE_LB_LOCATION_ETC/glite-lb/glite-lb-authz.conf"
        lcas_log="LCAS_LOG_FILE='/var/log/glite/glite-lb-server-lcas.log' LCAS_ETC_DIR='$GLITE_LB_LOCATION_ETC/glite-lb'"
@@ -213,8 +222,6 @@ start()
                [ -n "$GLITE_LB_EXPORT_JPPS" ] && jpps="--jpps $GLITE_LB_EXPORT_JPPS"
        fi
 
-       [ -z "$creds" ] && echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
-
        [ -n "$GLITE_LB_SERVER_PORT" ] && port="-p $GLITE_LB_SERVER_PORT"
        [ -n "$GLITE_LB_SERVER_WPORT" ] && wport="-w $GLITE_LB_SERVER_WPORT"
        [ -z "$GLITE_LB_NOTIF_FPREFIX" ] && GLITE_LB_NOTIF_FPREFIX="/var/tmp/glite-lb-notif"