From unknown Wed Jun 18 23:12:34 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#77001 <77001@debbugs.gnu.org> To: bug#77001 <77001@debbugs.gnu.org> Subject: Status: [PATCH 0/8] Improve Kerberos support Reply-To: bug#77001 <77001@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:12:34 +0000 retitle 77001 [PATCH 0/8] Improve Kerberos support reassign 77001 guix-patches submitter 77001 Tomas Volf <~@wolfsden.cz> severity 77001 normal tag 77001 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:18:44 2025 Received: (at submit) by debbugs.gnu.org; 13 Mar 2025 22:18:45 +0000 Received: from localhost ([127.0.0.1]:58664 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsqt2-000461-Hk for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:18:44 -0400 Received: from lists.gnu.org ([2001:470:142::17]:46890) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsqsi-00045B-3H for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:18:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tsqsY-0000p2-OU for guix-patches@gnu.org; Thu, 13 Mar 2025 18:18:14 -0400 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tsqsS-00075l-Lu for guix-patches@gnu.org; Thu, 13 Mar 2025 18:18:14 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 4EBF329B0E6; Thu, 13 Mar 2025 22:18:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904282; bh=bRIjOmJ5lFqgdaOq88TwhkZvPp3TWNJOBuDxtL59GqY=; h=From:To:Cc:Subject:Date; b=AtJmasK96bp5fVZiIfRP0oJRQRS/AIrRs6uAndxQ6Xu3JFRS/20FeejERuUZvuwTh nJVgKUO7taD77zSfmIU2R3u9dSgVv9dLs/VaUmSTnXtxTmt2jyu5Giqd0X4HfkUme2 5vYdeW86Jzcu3jUKrk/iWq5bFQ+UL08GNyvWTqOyCcRuECVWU5rPa7/BN6SdNGFgyr hlLI2Qt4JwjGxbv4lnGmH5ZF081wf1JZPD59KArRrjE8yFI8ZVoDKkf7W1ffPPMEQE M9fSPeL4WoRoeFM1X/xtKamtwOcw8X/Fk0UqUhjg1r/i0aeC3b09ON+LcnyEnSs9iQ 9dBg05ltwDuLjJ9LNIthi5bESwOdQvgjAW+NxlwuCx6VVI/KtL4VZbRs6Jb/0HPC88 +vcAVEUYUnC8vSS7cbcLWGkXuIthHCWPGgH8MrvaMmNem5lgN9OBGDpkf+pY9pMDrS uF+6qxxF4b3lx/3qfHs/igAR1rGK94/mz+OKfx7eRzeVmvm4XVCRvWup71YDChvADY i5ksAUZIkOWv6qQhGMdp+8v04BCphcNNCDX9ZnIrwLKevBQg4+T3AfPHijrwXSFLz6 OToGjoLlb10qTa6VPgIjuOvegaPjUlS5C6VB7d2IZ1XBhKzXQu9GitoXqJBnpbJTbz w/AKHuexQKhG2zae7+n4Wlmg= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id B7DE429B7BA; Thu, 13 Mar 2025 22:18:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904280; bh=bRIjOmJ5lFqgdaOq88TwhkZvPp3TWNJOBuDxtL59GqY=; h=From:To:Cc:Subject:Date; b=i9LsWvCQBHo48g9cn3BFZq1WmX8A/Xn+uSTL3ojRafeJwlDt/oILgCmXnhpVk+MqQ fmLrNAi6UXjo4N7fXtrHlGVDB5hImWN0lLxQb7qDP4vBt4UTlwiIoccxngX4iHw0lC a6KOVTs2ZFOHx4KE0HKeLFBnnWpTYqRwmQQbPcJ3427kcax5IJ9jUHAFVTD64tBPVx kSSTxIzkp+jCWDKuiwJJFsRL9oqrmLcPsCzQQg1vHcstaqnEPETSRFuWDNkpPEe80u JvWfbGdyiAwfQApWzoerbipPaktK8MCtg3D9nRd5RiwrcrCJ2kyRz1gPB2sNIaRgH6 1IxLzct7vCW4p6TEd2aKfZzJzjsX/OFR6I+bRiLJ3PtGBQoHXfyfTqIdAWo5ujMiCl 0e6gjDbtErbZw/YoUo5iVxKtbrN4X/B6OXf+E9ATtVwy7xdkGIMzaDQ59UnJmlmcHL YyG7fqbyvW2TzM2RhktwbeC3yJway8yViU9cU4LQ9oJCJ50zenzNTy0Z3T1MArKW4l YHS8lQOrQGe46/kRdus++AD40qYZDwqFJfLCMmDZ+uU0bb7y01lP5hRoPsay2HbViC 0+Ww1PG/FXFZiPPDNlSTFAgATq2/nBEU/hGoF+CBLpsPiHPPZLByODyINcKjn5TB/M 1zGP4G05n/wYhTgJ3oSYlXE4= From: Tomas Volf <~@wolfsden.cz> To: guix-patches@gnu.org Subject: [PATCH 0/8] Improve Kerberos support Date: Thu, 13 Mar 2025 23:17:47 +0100 Message-ID: X-Mailer: git-send-email 2.48.1 MIME-Version: 1.0 X-Debbugs-Cc: Ludovic Courtès , Maxim Cournoyer Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz; helo=wolfsden.cz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Couple of style fixes and feature additions for krb5-service-type. Tomas Volf (8): services: krb5-realm: Delete trailing whitespace. services: krb5-realm: Unify style of documentation strings. services: krb5-realm: Add default-principal-flags field. services: krb5-configuration: Fix indentation. services: krb5-configuration: Unify style of documentation strings. services: krb5-configuration: Add dns-lookup-realm? field. services: kerberos: Fix order of definitions. services: krb5-service-type: Support launching KDC daemon. doc/guix.texi | 12 +-- gnu/services/kerberos.scm | 168 ++++++++++++++++++++++++++------------ 2 files changed, 122 insertions(+), 58 deletions(-) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:08 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:08 +0000 Received: from localhost ([127.0.0.1]:58693 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsquN-0004E6-EY for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:08 -0400 Received: from wolfsden.cz ([37.205.8.62]:44840) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquJ-0004C3-Pj for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:04 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id BCCC329C1AA; Thu, 13 Mar 2025 22:20:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904402; bh=DGyqGKSULC072VZc+erkbyG5x9KPk95ZLdroect1zzY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=VelvyAce/xEfEf8PbgaIxRh4Q/aHSc8ZDKTcCRppCFNWnR3mJRkja4ZITS8LbLahu WVqtuiVp11Glz7JN1vUDMCLwSXVb0dpO3hOVDf+0RRk2SftdDS53sOHQXJ1isUVnf8 DxPX6BGTi4GAffKHRA8N64Y+gJyFnjU+Ue9hX+TnukLj8XoQ3yIvQz+a9kzrN9yP1u hLkMVLTewe0QA6N/snWJw0Moawtgby06JoC8A5MHE8gEzq2eLmzGcTvTLN49o8BdnI GYz2GSLvh2evx5LmLtA1qd65AzWM8fEb9CAKITzgOt7naL9k8gkFgUIOd36cNoIwyu YtU6EEfpZbmemJiWmYtNWVBle+R+/HBrR6iEtOWYNP7ab3fmSmlVRx7bRu7rddWVP+ UJojuSvQweNYqYPahadAzzki07m2TaeKmXBHHkFjM8dM/uwAEQuLqrpP5vP/vQEfOT vI7Ukz9lAGKsk0vVwbGBoj5k19QlwcTlNk7khw2LhuW2mXl6lQWSe9tMpvqHVpnfK7 yX5Qo7nJYjkvKAA5aedN6pWin9RC4g7th3N0jfGXC9e8mY8BjglDM99vXnJrte/3PV 1lxjSAxvBHq0stkaxuMsXz7kwyJwDI3Zdsr2K8Yls9fCRCjDgqTW2j1yiQkNjJvRfr Froi//3ZBebuSDsX48xNXpvE= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 18A0429CC08; Thu, 13 Mar 2025 22:20:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904402; bh=DGyqGKSULC072VZc+erkbyG5x9KPk95ZLdroect1zzY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=VelvyAce/xEfEf8PbgaIxRh4Q/aHSc8ZDKTcCRppCFNWnR3mJRkja4ZITS8LbLahu WVqtuiVp11Glz7JN1vUDMCLwSXVb0dpO3hOVDf+0RRk2SftdDS53sOHQXJ1isUVnf8 DxPX6BGTi4GAffKHRA8N64Y+gJyFnjU+Ue9hX+TnukLj8XoQ3yIvQz+a9kzrN9yP1u hLkMVLTewe0QA6N/snWJw0Moawtgby06JoC8A5MHE8gEzq2eLmzGcTvTLN49o8BdnI GYz2GSLvh2evx5LmLtA1qd65AzWM8fEb9CAKITzgOt7naL9k8gkFgUIOd36cNoIwyu YtU6EEfpZbmemJiWmYtNWVBle+R+/HBrR6iEtOWYNP7ab3fmSmlVRx7bRu7rddWVP+ UJojuSvQweNYqYPahadAzzki07m2TaeKmXBHHkFjM8dM/uwAEQuLqrpP5vP/vQEfOT vI7Ukz9lAGKsk0vVwbGBoj5k19QlwcTlNk7khw2LhuW2mXl6lQWSe9tMpvqHVpnfK7 yX5Qo7nJYjkvKAA5aedN6pWin9RC4g7th3N0jfGXC9e8mY8BjglDM99vXnJrte/3PV 1lxjSAxvBHq0stkaxuMsXz7kwyJwDI3Zdsr2K8Yls9fCRCjDgqTW2j1yiQkNjJvRfr Froi//3ZBebuSDsX48xNXpvE= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 3/8] services: krb5-realm: Add default-principal-flags field. Date: Thu, 13 Mar 2025 23:19:46 +0100 Message-ID: <1c2db6ae3e19e1be60e3f6b3dcc5a460aeee9166.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Add default-principal-flags field. (serialize-comma-separated-string-list/unset, comma-separated-string-list?) (comma-separated-string-list/unset?): New procedures. Change-Id: Ie5f787ca0745dd6234ea4577b39a58d71e4fa6d2 --- gnu/services/kerberos.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index d3ac7ca8b9..61d3a323fb 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -106,6 +106,19 @@ (define (space-separated-string-list? val) (define space-separated-string-list/unset? (predicate/unset space-separated-string-list?)) +(define (serialize-comma-separated-string-list/unset field-name val) + (unless (eq? val unset-field) + (serialize-field* field-name (string-join val ",")))) + +(define (comma-separated-string-list? val) + (and (list? val) + (and-map (lambda (x) + (and (string? x) (not (string-index x #\,)))) + val))) + +(define comma-separated-string-list/unset? + (predicate/unset comma-separated-string-list?)) + (define comma-separated-integer-list/unset? (predicate/unset (lambda (val) (and (list? val) @@ -198,6 +211,13 @@ (define-configuration krb5-realm (string/unset unset-field) "The server where password changes are performed.") + (default-principal-flags + (comma-separated-string-list/unset unset-field) + "Specifies the default attributes of principals created in this realm. The +format for this string is a list of strings, with '+' before each flag that +should be enabled and '-' before each flag that should be disabled. See the +manual page for details on available flags.") + (auth-to-local (free-form-fields '()) "Rules to map between principals and local users.") -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:09 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:09 +0000 Received: from localhost ([127.0.0.1]:58695 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsquO-0004EW-Gg for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:09 -0400 Received: from wolfsden.cz ([37.205.8.62]:44834) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquJ-0004Bc-9R for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:04 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 8086429C0B1; Thu, 13 Mar 2025 22:20:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904401; bh=gV2LgT4Mlm70kYI5ZtHp56wbol/lQ1wdLqf2T71hy/c=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=dFTapQg6804ZnS4xsIxCMX00oL+50hhQiI8FTUv4alxGX9eMf1/cgVetPUtthhxw+ GZIM+jRiZAbSedYO6kMq03NaGERhbvlFhit25dI2SqGmqjoVRblH6z2scsauALs45j IjIPErf4OFi6tevu/L6Y9bBBXDycdRy/AyvUuZfFWKE+p8/kb0T2pAJIIInxKt70ul UPpZnKzdWAZrogGE03cycDmC34Vuvwh3mvFJOqEjYZZHBBgGlg0g4BeJMoV1Avu4Lm ANwkAnHOcFW5Qmpr8t/O6ynff2bW8LsxuVW5MyzgBXYJfWm89ows0rNYrqOvRzdQn2 c4o6PoMA1lQ8STXiJpMbRo2HppVFH4ngxCX7urN9XJCxGka8+zVCCkugrHvfUdPHnt 7OpQS8EA6pAPrwC156xoYnw++YNGc/+UieMu8Dzo7wZcuayqVQR6IjMZPa/2c/MSlp JDPkOPEutTFc4jfxu9c4aETrLHBNPgW0obk2Ij9IPFEnHKviG9xsMiyEOjNqZ+Z2Dg 6qaGnDcaAyw8LIIj+8W1V7vGEPvt/xMdjFxdMQSBE0g2z8f3GGzEGCN088Ak9H/Z6X PwIAeGfN4qh0GpHrGvvX6ymijcCkED2kYR67MCyC26JwhDxUuABteb60Z5VULkObZc tHZp1f/DYtbmGwYx7AyuVdTQ= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 1A37A29BA42; Thu, 13 Mar 2025 22:20:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904401; bh=gV2LgT4Mlm70kYI5ZtHp56wbol/lQ1wdLqf2T71hy/c=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=dFTapQg6804ZnS4xsIxCMX00oL+50hhQiI8FTUv4alxGX9eMf1/cgVetPUtthhxw+ GZIM+jRiZAbSedYO6kMq03NaGERhbvlFhit25dI2SqGmqjoVRblH6z2scsauALs45j IjIPErf4OFi6tevu/L6Y9bBBXDycdRy/AyvUuZfFWKE+p8/kb0T2pAJIIInxKt70ul UPpZnKzdWAZrogGE03cycDmC34Vuvwh3mvFJOqEjYZZHBBgGlg0g4BeJMoV1Avu4Lm ANwkAnHOcFW5Qmpr8t/O6ynff2bW8LsxuVW5MyzgBXYJfWm89ows0rNYrqOvRzdQn2 c4o6PoMA1lQ8STXiJpMbRo2HppVFH4ngxCX7urN9XJCxGka8+zVCCkugrHvfUdPHnt 7OpQS8EA6pAPrwC156xoYnw++YNGc/+UieMu8Dzo7wZcuayqVQR6IjMZPa/2c/MSlp JDPkOPEutTFc4jfxu9c4aETrLHBNPgW0obk2Ij9IPFEnHKviG9xsMiyEOjNqZ+Z2Dg 6qaGnDcaAyw8LIIj+8W1V7vGEPvt/xMdjFxdMQSBE0g2z8f3GGzEGCN088Ak9H/Z6X PwIAeGfN4qh0GpHrGvvX6ymijcCkED2kYR67MCyC26JwhDxUuABteb60Z5VULkObZc tHZp1f/DYtbmGwYx7AyuVdTQ= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 1/8] services: krb5-realm: Delete trailing whitespace. Date: Thu, 13 Mar 2025 23:19:44 +0100 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Delete trailing whitespace. Change-Id: I3e92d53b0910660aeed318015841ec0ca8892430 --- gnu/services/kerberos.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index a6f540a9b6..fd12b518e6 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -191,7 +191,7 @@ (define-configuration krb5-realm (master-kdc (string/unset unset-field) - "If an attempt to get credentials fails because of an invalid password, + "If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC.") (kpasswd-server -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:13 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:13 +0000 Received: from localhost ([127.0.0.1]:58697 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsquP-0004F4-7u for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:13 -0400 Received: from wolfsden.cz ([37.205.8.62]:44842) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquK-0004C4-8v for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:05 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 3E10429CCE1; Thu, 13 Mar 2025 22:20:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904403; bh=eWrKjgkKyhodmYvxhwS1XSqTW0zor3SptVOq6Su2OXI=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=RC1FbYxrQrtCEkQ7NBxOOyypH1i4Nw1BPXYmgo3ZrcqoieO/iI8wcTqEg9LbwVwRd lZ0zhYe9ewSpnKwj/JjRGd2mzV11hI8RO4STj9sYuEdXSF8FO/YaVfWsw0hcO7ZFEm JiHK9TWrixR6XDrwn9YqP60+nUnbh87t0N6TTdluUcI/+zhx42Mh6OXFhyp0zmgNEP SN/zUcbeEAvXsz/e0va6kuukNBr8y2dg/PDIHYSAlILZNjNNxjCm2AsYKrj908nNL9 61FCGaysOcoOve8UACZ4NzV+OmVKPii9z8WAWZUHsjcUl4BsqyZmCfa23DOiVbtWc3 hs7/I7GKPZotTc70V73P3WOnos6wMhDzlwERlWDY17pDdZycHxYiMlPmrtB0IBmaeV ogHGH8PkZo4YZKUuMOv4E2bGcZTSfkhguz8uGx7K+NNQ0WAZSGpqkyeLTbTjC6SBWE sRDpsCneCc6F5vQaqFsEeYBhLJWovGA082+pO7JE9DCZHmWqcBp2RILIitRl7q7/Cs likLGGd+zLtKz6/RVFpEDqBKwxvimTWvxam12S9MAeRA5JITvIUlaHRdhIzoQBVWlQ /oRY/CSMwaXNirs7y3dgVLCZQ7h7pYKwbH/t8gbnyvyGDGbOswB8kAWkAVTC8yeD79 Nq3U/VBpPOQdIcQ+rKPnxyWM= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 9087229B569; Thu, 13 Mar 2025 22:20:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904401; bh=eWrKjgkKyhodmYvxhwS1XSqTW0zor3SptVOq6Su2OXI=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=E33KGdMX0GeaO5l+LEqUQbIfnjZLbGPF2TJIt4/NtDJkapbkYGQNvinPgUGDLfOJo vojL3qRnOAV3bTrej2CKCCuigiUqK3s8kXcbuvbAj7YbNlWtG7l+tUO3gJoWawDH87 3rkJ1M0QtFWbeBbBAHnFmAmirC4SZyhHkUZKe78wnbsEY+f430IZ6zvvOVr7fEN+2g eKRLDmXBxVxM0xJPwqvEHKz/XO1aGbiqnkfJcpkZPc3b7jEMgfj323pHanyyRwCH3i glb5AwoMW3rVE5UVqIcYL3jtvWbFvQcnJlTSUBt8RHVpX+lzmpw4CSA0K4IGN1vVDB jAbJxjM+eu6dT0r0FOvSb6tOrDZFUEHqSWvQZDQHwCsY6JhbbwfA1JNWGUFq9fIeaR HK/d0DfwVuBMkzICJE48btkXlLbcqgXXgMEnRNMb7paqDipG1Z4LzpCye0vPzaAuFu wcmfDuGhd88JT4TxzzYj5kQWP9p7Y+Qlvq7ufKnQH8Sn4VOUr60VsKubF7R2YZEn6H 9L22O0jHT2LZNQfF/5wQHjXqGEUyeb9LhLUunxDe1BCIeDP5UqGYd+gH+mY0b/AvAc n5w5l9wNTtiln4j4fwlENe7S3wgsth+hfP2C6YexwHgvpuAgxN0cPif/18VzHtKz7F yLR0oHYR8doRIzHE/0V/sd4Q= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 2/8] services: krb5-realm: Unify style of documentation strings. Date: Thu, 13 Mar 2025 23:19:45 +0100 Message-ID: <552ab3e529a9c560bba7760e6a7e933c42eefc1f.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Add trailing periods where missing. Remove double space. Change-Id: I5dc47326c598548075f13a5ec48c24a0886a9a69 --- gnu/services/kerberos.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index fd12b518e6..d3ac7ca8b9 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -214,7 +214,7 @@ (define-configuration krb5-realm (default-domain (string/unset unset-field) "The domain used to expand host names when translating Kerberos 4 service -principals to Kerberos 5 principals") +principals to Kerberos 5 principals.") (v4-instance-convert (free-form-fields '()) @@ -222,8 +222,8 @@ (define-configuration krb5-realm (v4-realm (string/unset unset-field) - "Used when the V4 realm name and the V5 realm name are not the same, but -still share the same principal names and passwords")) + "Used when the V4 realm name and the V5 realm name are not the same, but +still share the same principal names and passwords.")) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:21 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:21 +0000 Received: from localhost ([127.0.0.1]:58702 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsqua-0004J9-JG for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:21 -0400 Received: from wolfsden.cz ([37.205.8.62]:44848) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquK-0004C6-NS for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:06 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id A50F129C51F; Thu, 13 Mar 2025 22:20:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904403; bh=Hywo14gY7W5AZuNWZzVd3bgG690KKqRYafA/t3J5n78=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=KBKQAFeuTnkWPpHQRQxecum5mSks8OkjI3n7bzfPFDC13xIN01ITa7l+BroizqYag o6VHk5R5xZmvQ9FtSVQTmk3JKJ3WxLfY5k2Mqzsc25QOXCbGkb56lN2B18SRKFYFif UTVMt+mTD0da5okyPa3cwHu5neee0GqvgNeeS1mpztB3f8jHE9/pLt4gACu5dvLHrj 8I5LE+OE0P0zghee69coLH81UqmoSCuqauHl9NTgMcw4Pujoy82HywbSz6FMkMuVlq YHR3gDq+/tpGjzXQfHKhBCkihfWCIkmMaMi+4K9Z2UpAe7m6KeCXOcdT07D7RaGg8b vW4k/SGUEnxzpMliOUnpa1EVIEssJv+NxhCC6Bf5gFTFdhjZNFEu2kGvlpi7hr92uM Cqka5IkicGqGN8qEIND/x9z4mVjxSJrN4yMO8rtZNGzCeTStFNm7w2HBeYMsxY+vJP FQJWIKWOaRDFnFSPvJVejwuPlfR2LVtMnhc9rnLVykJ1fc6h1uZ0pSrv95BlLF0eZc lE4O+qV+EQnEWj9rYLtfC6s3LWzTc6My/uew6DFKzh5W9ibFGVu7EjYPx6Rtp/j5/N M0+z7C+JXcg1K22wa16Wi4E0sQlPyCCPIH2MKO76vXjoOzAQ5t149YULHi6Muiyal2 6Pp82/qQzFc4whKEbVz1NAxA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 2D0BD29C3A9; Thu, 13 Mar 2025 22:20:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904403; bh=Hywo14gY7W5AZuNWZzVd3bgG690KKqRYafA/t3J5n78=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=KBKQAFeuTnkWPpHQRQxecum5mSks8OkjI3n7bzfPFDC13xIN01ITa7l+BroizqYag o6VHk5R5xZmvQ9FtSVQTmk3JKJ3WxLfY5k2Mqzsc25QOXCbGkb56lN2B18SRKFYFif UTVMt+mTD0da5okyPa3cwHu5neee0GqvgNeeS1mpztB3f8jHE9/pLt4gACu5dvLHrj 8I5LE+OE0P0zghee69coLH81UqmoSCuqauHl9NTgMcw4Pujoy82HywbSz6FMkMuVlq YHR3gDq+/tpGjzXQfHKhBCkihfWCIkmMaMi+4K9Z2UpAe7m6KeCXOcdT07D7RaGg8b vW4k/SGUEnxzpMliOUnpa1EVIEssJv+NxhCC6Bf5gFTFdhjZNFEu2kGvlpi7hr92uM Cqka5IkicGqGN8qEIND/x9z4mVjxSJrN4yMO8rtZNGzCeTStFNm7w2HBeYMsxY+vJP FQJWIKWOaRDFnFSPvJVejwuPlfR2LVtMnhc9rnLVykJ1fc6h1uZ0pSrv95BlLF0eZc lE4O+qV+EQnEWj9rYLtfC6s3LWzTc6My/uew6DFKzh5W9ibFGVu7EjYPx6Rtp/j5/N M0+z7C+JXcg1K22wa16Wi4E0sQlPyCCPIH2MKO76vXjoOzAQ5t149YULHi6Muiyal2 6Pp82/qQzFc4whKEbVz1NAxA= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 5/8] services: krb5-configuration: Unify style of documentation strings. Date: Thu, 13 Mar 2025 23:19:48 +0100 Message-ID: <33ae228456c08bffcd4e224332fab5d530b6247d.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add trailing periods where missing. Add double space. Add @file. Change-Id: Id2d985df1e55566cb62f7355c2e4f0ca7d9924f2 --- gnu/services/kerberos.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 8d08a27365..f2f2adda88 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -301,11 +301,11 @@ (define-configuration krb5-configuration (dns-lookup-kdc? (boolean/unset unset-field) "Should DNS SRV records should be used to locate the KDCs and other servers -not appearing in the realm specification") +not appearing in the realm specification.") (err-fmt (string/unset unset-field) - "Custom error message formatting. If not #f error messages will be + "Custom error message formatting. If not #f error messages will be formatted by substituting a normal error message for %M and an error code for %C in the value.") @@ -323,7 +323,7 @@ (define-configuration krb5-configuration (k5login-authoritative? (boolean/unset unset-field) "If this flag is true, principals must be listed in a local user's k5login -file to be granted login access, if a ~/.k5login file exists.") +file to be granted login access, if a @file{~/.k5login} file exists.") (k5login-directory (string/unset unset-field) @@ -352,8 +352,8 @@ (define-configuration krb5-configuration (kdc-req-checksum-type (non-negative-integer/unset unset-field) - "The type of checksum to use for the KDC requests. Relevant only for DES -keys") + "The type of checksum to use for the KDC requests. Relevant only for DES +keys.") (noaddresses? (boolean/unset unset-field) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:21 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:21 +0000 Received: from localhost ([127.0.0.1]:58704 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsqub-0004JH-FD for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:21 -0400 Received: from wolfsden.cz ([37.205.8.62]:39338) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquL-0004CH-5n for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:06 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 1C4EE29B9C4; Thu, 13 Mar 2025 22:20:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904404; bh=MEgA9HQUT8mCehVqtlJT/PrLkL/OjLNHyEb65rRJvrE=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=DzAL82MN2mgtdwljKnUBCtMxv1+tsHtuoStcdF8oU4KWqMQ5oJJv085JoRlYO/Yzc hmFmYCUyYwKbaUzmap6IFHbmkhh2qFajeKLehc29ebUAmv5VKgnHz/lJOJqPXjsjyJ qpBl6DwI+wS/itbFnoleoj8MePdjRWmSMC1AycT4Tbciker+pH3q8gbADaOS0d8zOQ RFtiGM5aH8Xuum6B82eXEqebpV3iyKvNePDJb/Hv8Ega7eczcsSzKDp3MFbiWDf6NR kq/Ftx38E7hEZD1PNA5opxnfVxKMkMp8jtUOGs9WtGL9IDy4dK9l7cY/tVa/mo4Pt3 ea8+zfnHC/Ktududzv8KX+19aW/3xcpOjBK2RpepHe6yI8I9Cr85iRr5Q5/8zsnkwF klwXewZO/cLDXtpnOA8PFDswAFeFePVJQicAL8Ek052B6XJgClxSVgZ3nv7MTVoWG3 oXe6vKgnyR9GQoVGoM9O+r/W/8ZArgRh+bSdt8lrHTqRD6CC3q4tr6+0LrUWfXw3Va tSDQW8f9ZdnseGy3Xyj6wuHQx5vVwnxNtcahz3QO7u8x9K+MIPQ6ap9Amo97nHr9iv ypkynTyQ1Ydf+P7N6q92lmcd1TDOXyRP4edihPPgl71k2tOTW8TXe+g2pTCvMi+81B VofamqlYuMDhEaazddjIcdYE= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id AAA2C29B65E; Thu, 13 Mar 2025 22:20:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904403; bh=MEgA9HQUT8mCehVqtlJT/PrLkL/OjLNHyEb65rRJvrE=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=o9Bt7LgsbBN+A1xQiB7qDmdQr5eprR7owGiCz3vN4SnkdIP17iXmWQxvY5I5ONfzM zDKcuRdfVF/Ye1gbnqF7XNvtqc/GxSCKL8T/lVkSu8M+z5bSBDI4VKjMXrzFAAcHwZ 0gVyWHR4uwqbl6qpCRckZ8B3QS92JV6EVEsNJMWHgean4wOu6zhldb+3srfO6vErbc 8NY9lkKVkEn6SVCfKlSZC3ULO640TuIOtkWTRLoieoC6DfWSHY8khhBPEOa0PM6kOK ydIqjWSqZq7W6HD1AcYKhacVUuFH+bDvTK3jPJE9bewZGDuCh6yhyUiJTaIKGnfwab uH3RosmTIDU0PXg6zaivfc9S3xJ/X3hNk8sySpYpZGJSnANqwT4k2QfN6lq9eLKEs0 14PHAPNp2qXIEc34aNQCdVHC37SJ7vUEiSkdt97A8HEMiQliiEdXq1Dvi97B5IHQq+ fEEMk2HaQi2U4+iGPAjgyuQGESqqElE/UM3LWwLmFmtLw8mLNlZOw+T3Emum+y1t9K VxEVShy2TojdBvxvi6UMuTVQfsa8XKQbbR61AKw78EA6c0UBkTCXqhJ6+fQEecN5Kr ISHPV1dYHlUqNb+8yWIzgiUI/ueQvUYHwwo0PIsMwCZ5xwQ/A+CJq1PmhUiLtb4hlb 1/9/R4Lv5NpGJAIcZJlJ37wY= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 6/8] services: krb5-configuration: Add dns-lookup-realm? field. Date: Thu, 13 Mar 2025 23:19:49 +0100 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add dns-lookup-realm? field. Change-Id: Ibb92da1d4330b62225bdd9fd2a8573035f15f590 --- gnu/services/kerberos.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index f2f2adda88..b423534ec2 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -298,6 +298,10 @@ (define-configuration krb5-configuration "Whether name lookups will be used to canonicalize host names for use in service principal names.") + (dns-lookup-realm? + (boolean/unset unset-field) + "Should the Kerberos realm of a host be determined by DNS TXT records?") + (dns-lookup-kdc? (boolean/unset unset-field) "Should DNS SRV records should be used to locate the KDCs and other servers -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:22 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:22 +0000 Received: from localhost ([127.0.0.1]:58706 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsqub-0004JN-Rj for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:22 -0400 Received: from wolfsden.cz ([37.205.8.62]:39352) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquL-0004Cc-LR for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:07 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 98E7929B3F7; Thu, 13 Mar 2025 22:20:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904404; bh=4UvP6378/gVnCLQf0cLp1V+MomqTREsE+oEouL4EtKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=he/vGZvoVEhUHp/K1bLNRMPlSuZvggyXbaNGm+rHRHwhel+uaZd0pw8gkIQ35pl3n SFHjzLDyHeee9lVjjvvdkxWsJViYZytwhJYffvtnmF4AZmXV6md72mAFU/wHZj8gvd 5HDhHCnwpOEQrsAXVuVEdPO3xCS8mQAw2L/W6DaqCMnP5HcKT9Cu4NTiMHTzKOdDt/ cUVBkEf+3GnZy1YIcyIMxPJ5n8CrbyyRgnxgvCxFxnBy3a6Hy8ITO4Pf7tTQLUI2Bi q4m3ICObYPmVHJP5NJnxi8Wesu8bL/sGlLowMy1VqXdxM4g1PKTxsf+irXmEYiiWxc RQawpyGirVqR+8KAbdkjgGIYT2ptzQag5G63aTuhXbXUqRj15EClWACx+NxE/KD6Rf UIkzwaxcIpUwgh1AdAC/wdpBA0CsIp1afGlGwriQk3SpBWCjROMDCCU+4L/kR2krUD UtfntjHaXeHPrNwSaqslDRhuj4SDLm6/DRiQTacoEsEwz1KX854kHfMQjGMtlhlFRd yd2BwPUjfi8ArY2BQr651xprkcjvCKk09bkQu8mCDMNmgu0ch6CNBo4xDW5t9ZOVdJ nfWGw2Q3EkT50ha6zeURvossA62o4Rmb8w4RWdXEPnLSWqCRxVJBFe7+IV+wpZKGAh OMhKPI0MnNtFCE0RpnHUKUJE= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 2CC6529C2B8; Thu, 13 Mar 2025 22:20:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904404; bh=4UvP6378/gVnCLQf0cLp1V+MomqTREsE+oEouL4EtKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=he/vGZvoVEhUHp/K1bLNRMPlSuZvggyXbaNGm+rHRHwhel+uaZd0pw8gkIQ35pl3n SFHjzLDyHeee9lVjjvvdkxWsJViYZytwhJYffvtnmF4AZmXV6md72mAFU/wHZj8gvd 5HDhHCnwpOEQrsAXVuVEdPO3xCS8mQAw2L/W6DaqCMnP5HcKT9Cu4NTiMHTzKOdDt/ cUVBkEf+3GnZy1YIcyIMxPJ5n8CrbyyRgnxgvCxFxnBy3a6Hy8ITO4Pf7tTQLUI2Bi q4m3ICObYPmVHJP5NJnxi8Wesu8bL/sGlLowMy1VqXdxM4g1PKTxsf+irXmEYiiWxc RQawpyGirVqR+8KAbdkjgGIYT2ptzQag5G63aTuhXbXUqRj15EClWACx+NxE/KD6Rf UIkzwaxcIpUwgh1AdAC/wdpBA0CsIp1afGlGwriQk3SpBWCjROMDCCU+4L/kR2krUD UtfntjHaXeHPrNwSaqslDRhuj4SDLm6/DRiQTacoEsEwz1KX854kHfMQjGMtlhlFRd yd2BwPUjfi8ArY2BQr651xprkcjvCKk09bkQu8mCDMNmgu0ch6CNBo4xDW5t9ZOVdJ nfWGw2Q3EkT50ha6zeURvossA62o4Rmb8w4RWdXEPnLSWqCRxVJBFe7+IV+wpZKGAh OMhKPI0MnNtFCE0RpnHUKUJE= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 7/8] services: kerberos: Fix order of definitions. Date: Thu, 13 Mar 2025 23:19:50 +0100 Message-ID: <90601b4b93e99be93b8ba0dde7fcb99c5ad10add.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Generating the configuration file would error out with error stating: Wrong type to apply: # Moving the procedures below the respective define-configuration fixes that. * gnu/services/kerberos.scm (realm-list?, serialize-realm-list): Move below define-configuration for krb5-realm. Change-Id: I6a520a92cdc3c42d3916cdf33d427dadc531e7d1 --- gnu/services/kerberos.scm | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index b423534ec2..1e826a1455 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -169,23 +169,6 @@ (define (serialize-free-form-fields field-name val) (define non-negative-integer/unset? (predicate/unset non-negative-integer?)) -(define (realm-list? val) - (and (list? val) - (and-map (lambda (x) (krb5-realm? x)) val))) - -(define (serialize-realm-list field-name val) - (format #t "\n[~a]\n" field-name) - (for-each (lambda (realm) - (format #t "\n~a = {\n" (krb5-realm-name realm)) - (for-each (lambda (field) - (unless (eq? 'name (configuration-field-name field)) - ((configuration-field-serializer field) - (configuration-field-name field) - ((configuration-field-getter field) - realm)))) krb5-realm-fields) - - (format #t "}\n")) val)) - ;; For a more detailed explanation of these fields see man 5 krb5.conf @@ -245,6 +228,23 @@ (define-configuration krb5-realm "Used when the V4 realm name and the V5 realm name are not the same, but still share the same principal names and passwords.")) +(define (realm-list? val) + (and (list? val) + (and-map (lambda (x) (krb5-realm? x)) val))) + +(define (serialize-realm-list field-name val) + (format #t "\n[~a]\n" field-name) + (for-each (lambda (realm) + (format #t "\n~a = {\n" (krb5-realm-name realm)) + (for-each (lambda (field) + (unless (eq? 'name (configuration-field-name field)) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) + realm)))) krb5-realm-fields) + + (format #t "}\n")) val)) + ;; For a more detailed explanation of these fields see man 5 krb5.conf -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:23 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:23 +0000 Received: from localhost ([127.0.0.1]:58708 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsquc-0004JS-8c for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:22 -0400 Received: from wolfsden.cz ([37.205.8.62]:39350) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquL-0004CW-Dc for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:07 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 2F17429BFB2; Thu, 13 Mar 2025 22:20:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904404; bh=FUm19lSmRKurTM+rYkBlkHvXGD4gfTobGczRk9ewWaY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=hp831L1GXK6TqevBTcMKXbFOA5cK3BXNtLuHZGd3lWyPNXIlqnPy40lXmgbIRcKj4 Rbk0JInu9Pg68E9G7G3Nj+0p1QTL9Ondcbr843V7QW0Kc1KdUqIcfqYD1m7oPW91wV U2johhYEidwJVuMGEJNT89cbVH4rlDMrDbpWD9cVSgOP00WvYydVixUAessi1fXIsy gCnFpVFD9aUDpsu4PFX5jsosCqrpR6K5ibK5HECp2tv7p6e/GnOXuOgnowR0+AM8oV o39pkAqigXjq9XnAohkbvDkRBtp0G8KRTrhNPEcbEOvmmQajiKhuoklyIrmuNfnmUN VUcQO5xpJlMFexiTfHwp9fd9avxJjS9CbIofZYsqFPvFr9tVRf/ZPlzXyftqRwraav ph4/ib5l+/kJ390nV8kKqAIyRYz5fpDwyMmDtj8sEXwH5RdUKHKhvY/93gAIO6qK/9 WejEioSqPpX23HrOP8NIfj2stGMLU+4GdvhlGlDSZAoghxUOyuTS74ozQo+lLl13Wu e5VZI9R84GUELZQFzoGk736KhsB+E+XjT0ayu+RXdR7yrgNHn9Z1DKvbbtqtGuVGmK C7lRvPvizB9QxFl8ANCDFEc3+NQnkBGuBO3MP20bCJ2qOdZozSRVw90mCH87eQQV6z uu6OrKm08x+bK3HQHgAW4v5Y= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 94CD229C9A9; Thu, 13 Mar 2025 22:20:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904402; bh=FUm19lSmRKurTM+rYkBlkHvXGD4gfTobGczRk9ewWaY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=L7+vB4L4HY9cDlf+lL5jNiezUdvEMw2zPJNEGua66jkKIDeStfat10H7c+VvpY5EO cDY+ALbolUGJwIEmaKZf4AXPaacuxp6aROMGUiU6NnRNo9tbrqUKMcp3WaqDu0OwFl 3gn2c9sk2Haf5sgstcWhXZJqoh2+0gr90/MRHyTZwnJAsmVJNpW4sqI8kLPelH1MFq lY3vUVgzMbbSeheUm8uqHkxGexsdVJRsdWxWz+F09EOghqUS0nxoGMdVZoCIH3N23E 7LWDh1qm8iDfgXZrrU4qOqB3whTjyR/gJebDbG/tSjrFloRLnE0iBBSy51Gq+5RYfn 3vwnZB3FvLGfb/1guA4m4qHn821I5NBtzFeeP5JQLIBvKXi4qucfgjgEyRZM7HcLh3 R7TfOhNjx46vnoxBXlWW2TIb9Kc9G7XuBdbVSAq/0J9rGO21bCnbOi2oZPeP/ryLhj mJVuoPca+H5i+kGWf8lUoKPveaCD+I5QB7bI7vcsbqW4q1wI4t2sgN2QnxNMrQIn4i QPXrT+mLZi3cjVeFCdDB6+GWloyO4ltbYpsRkX363LK4UBxIhI9/BRFvpBN2xot/wE 6gfrSwZfDm9b6abBVKcY7A+fLGUdNPZ59FbvoVbPkllkXWbUIiWHioSF2nqVO7BRPk ENWG9vh3/FUQZXCq3r5zZZak= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 4/8] services: krb5-configuration: Fix indentation. Date: Thu, 13 Mar 2025 23:19:47 +0100 Message-ID: <8ffc6bb37a477651fdd7011a69ad7cd90a50fb73.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Adjust indentation and word wrapping. Change-Id: I629c106867e1d4d935b4bc33ae3489f4b0ee0bf5 --- gnu/services/kerberos.scm | 53 ++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 61d3a323fb..8d08a27365 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -295,19 +295,19 @@ (define-configuration krb5-configuration (dns-canonicalize-hostname? (boolean/unset unset-field) - "Whether name lookups will be used to canonicalize host names for use in + "Whether name lookups will be used to canonicalize host names for use in service principal names.") (dns-lookup-kdc? (boolean/unset unset-field) - "Should DNS SRV records should be used to locate the KDCs and other servers + "Should DNS SRV records should be used to locate the KDCs and other servers not appearing in the realm specification") (err-fmt (string/unset unset-field) - "Custom error message formatting. If not #f error messages will be formatted -by substituting a normal error message for %M and an error code for %C in the -value.") + "Custom error message formatting. If not #f error messages will be +formatted by substituting a normal error message for %M and an error code for +%C in the value.") (forwardable? (boolean/unset unset-field) @@ -315,9 +315,9 @@ (define-configuration krb5-configuration (ignore-acceptor-hostname? (boolean/unset unset-field) - "When accepting GSSAPI or krb5 security contexts for host-based service -principals, ignore any hostname passed by the calling application, and allow -clients to authenticate to any service principal in the keytab matching the + "When accepting GSSAPI or krb5 security contexts for host-based service +principals, ignore any hostname passed by the calling application, and allow +clients to authenticate to any service principal in the keytab matching the service name and realm name.") (k5login-authoritative? @@ -327,23 +327,23 @@ (define-configuration krb5-configuration (k5login-directory (string/unset unset-field) - "If not #f, the library will look for a local user's @file{k5login} file -within the named directory (instead of the user's home directory), with a -file name corresponding to the local user name.") + "If not #f, the library will look for a local user's @file{k5login} file +within the named directory (instead of the user's home directory), with a file +name corresponding to the local user name.") (kcm-mach-service (string/unset unset-field) - "The name of the bootstrap service used to contact the KCM daemon for the + "The name of the bootstrap service used to contact the KCM daemon for the KCM credential cache type.") (kcm-socket (file-name unset-field) - "Path to the Unix domain socket used to access the KCM daemon for the KCM + "Path to the Unix domain socket used to access the KCM daemon for the KCM credential cache type.") (kdc-default-options (non-negative-integer/unset unset-field) - "Default KDC options (logored for multiple values) when requesting initial + "Default KDC options (logored for multiple values) when requesting initial tickets.") (kdc-timesync @@ -352,17 +352,18 @@ (define-configuration krb5-configuration (kdc-req-checksum-type (non-negative-integer/unset unset-field) - "The type of checksum to use for the KDC requests. Relevant only for DES + "The type of checksum to use for the KDC requests. Relevant only for DES keys") (noaddresses? (boolean/unset unset-field) - "If true, initial ticket requests will not be made with address restrictions. -This enables their use across NATs.") + "If true, initial ticket requests will not be made with address +restrictions. This enables their use across NATs.") (permitted-enctypes (space-separated-string-list/unset unset-field) - "All encryption types that are permitted for use in session key encryption.") + "All encryption types that are permitted for use in session key +encryption.") (plugin-base-dir (file-name unset-field) @@ -370,8 +371,8 @@ (define-configuration krb5-configuration (preferred-preauth-types (comma-separated-integer-list/unset unset-field) - "The preferred pre-authentication types which the client will attempt before -others.") + "The preferred pre-authentication types which the client will attempt +before others.") (proxiable? (boolean/unset unset-field) @@ -379,12 +380,12 @@ (define-configuration krb5-configuration (rdns? (boolean/unset unset-field) - "Should reverse DNS lookup be used in addition to forward name lookup to + "Should reverse DNS lookup be used in addition to forward name lookup to canonicalize host names for use in service principal names.") (realm-try-domains (integer/unset unset-field) - "Should a host's domain components should be used to determine the Kerberos + "Should a host's domain components should be used to determine the Kerberos realm of the host.") (renew-lifetime @@ -401,13 +402,13 @@ (define-configuration krb5-configuration (udp-preference-limit (non-negative-integer/unset unset-field) - "When sending messages to the KDC, the library will try using TCP -before UDP if the size of the message greater than this limit.") + "When sending messages to the KDC, the library will try using TCP before +UDP if the size of the message greater than this limit.") (verify-ap-rereq-nofail? (boolean/unset unset-field) - "If true, then attempts to verify initial credentials will fail if the client -machine does not have a keytab.") + "If true, then attempts to verify initial credentials will fail if the +client machine does not have a keytab.") (realms (realm-list '()) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 13 18:20:23 2025 Received: (at 77001) by debbugs.gnu.org; 13 Mar 2025 22:20:23 +0000 Received: from localhost ([127.0.0.1]:58710 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tsqud-0004Jd-1A for submit@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:23 -0400 Received: from wolfsden.cz ([37.205.8.62]:39368) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tsquM-0004Cr-As for 77001@debbugs.gnu.org; Thu, 13 Mar 2025 18:20:08 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 4147629C9AA; Thu, 13 Mar 2025 22:20:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904405; bh=WmtN665r4J5+lJ7TZXqEPoUma1BpLX0nWzOE5ShZzo8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=bZ8lqjyqc3JXNM8sTRx5ETC+YsIv8vzod4Cx5b777r4LTUVm47XwWg8VjZtKBlMgr 8ejtN+G5D7fltWvNxTPGewj0sUnstbUxE8C08Y5Y0OSz67rDv8xJirYl4k/ERQF4tk zJ0Gx7C2ZMHV2TuJ3AaCwxuqUhvPJrwATLE8mWQTiMkvz3W5boVYQsY0E4WRvwo50+ D4v0SXfcHX9TOACaS6JKJuGfGCzbh1tRh4sMTz7RBSjORPJLXqUcEVY9MdkTxPEV1R cIorbkS2ZaZzmhDVmrsbl7/c4sIAUdYrtncLfY2GAMFt89vkL/CicguVLmX5gFWth6 5Y8kSD64jSWq3larMhBOK+93FvXtMyUuLOzQVfQ03eIKLQGH3dSEyf2ppgz+s2rweS Carzd/nrzR7wlQgussKUdz+SIB9HcicCjWaGF/fiuGwTftW58royAHZhM9G7rwPXRp AucmCpXMH+NWqV7I6zpfIpTm93efGg5i1bDZYDt31PYssOXppyl0rK+GTDDXeuogxz yzJOniV0G9961vAL9EnjXr0lsWYylrTYHSpYuHVjySKHuhxUihG9TqKj0VXbqsL03p VAYcIchIuPpKvE3Tr4hWgFK0CYoSO6LgV0gaYzI9qU8Mf85wSkYBR4goTGZCcs50na a2NUhpGBXwvEuWCbRP0H6GT8= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id AA5F929C88F; Thu, 13 Mar 2025 22:20:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1741904404; bh=WmtN665r4J5+lJ7TZXqEPoUma1BpLX0nWzOE5ShZzo8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=YaI+xEHMYFGH5EGglTJaaNC/gL9j/XHG7Rqp3AXgmt4/7BSjUO7DoigsJPZ8oJUEe cE1zQnChrEMa2v13i5/65vVUvovoW9oKDV4n8487v5TiPUpFwTC1sDh8Ez5F07bKsS vEINYDF2VWxOuv8JAYhUSx3gEtS/8R0E68uZ2e4JJueXwfWjItId/AEHzCkBuF/7S8 A1t+N6li1Re2ahZm+XcqY5iXcQh4fCQx4nASNGPdwOO2oJStYP6SHdHGp5sTIquipu xf75nsDVA0fVH+sLiOFX3WROd3C9U/jGt0Xwl7He1DaR+UY/6Cn3XRQqCgBEFnGkJ4 gr1Jir7Zl9DGBLOnqcbM2e11EPfrOvmjAjPigD+sq20mdS8kDpUeFB1VKjwM7psuCT VBwbQk+vZChScUdEteOX3nQgEt290vutnyoN2hdS6L3PZXIEF6cLU8wzq+lIinC/JN D7QeP3dG2EdLhK+MdRRfOUUwBYAf6mGbCpoXQ+CJDN9f403htNk8lApZDA5eEXuw7I a1+SmVSd5v510rRrHkB70eH7DsIE/9XOTzu1Ow+eVbTC/PYf3fYJUOD8bsMZSmT9jW 6LqAdyhEVNhmamdl+x0k/UH0p1K0LFhOFGtrWLPdzAnKDO/1eTKnJ48a2714vKeSQ8 mphkJEilNyf8UJu/IxeoYkVE= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH 8/8] services: krb5-service-type: Support launching KDC daemon. Date: Thu, 13 Mar 2025 23:19:51 +0100 Message-ID: <152c7158621d0b623dfa36365a80370f69b2e06a.1741904210.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: References: MIME-Version: 1.0 X-Debbugs-Cc: Ludovic Courtès , Maxim Cournoyer Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add krb5, kdc-shepherd-service? fields. (krb5-activation, krb5-shepherd-services): New procedures. (krb5-service-type): Use them. Change-Id: I091ae2a6ef25f5ce95123c29588749483954c2ac --- doc/guix.texi | 12 ++++++----- gnu/services/kerberos.scm | 43 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 05c855c5ea..a58cf40b63 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32125,11 +32125,13 @@ Kerberos Services @subsubheading Krb5 Service -Programs using a Kerberos client library normally -expect a configuration file in @file{/etc/krb5.conf}. -This service generates such a file from a definition provided in the -operating system declaration. -It does not cause any daemon to be started. +Programs using a Kerberos client library normally expect a configuration +file in @file{/etc/krb5.conf}. This service generates such a file from +a definition provided in the operating system declaration. + +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd +service for @acronym{KDC, Key Distribution Center} is created. +Otherwise no daemons are started. No ``keytab'' files are provided by this service---you must explicitly create them. This service is known to work with the MIT client library, @code{mit-krb5}. diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 1e826a1455..3d1ab01cb8 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -17,10 +17,13 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services kerberos) + #:use-module (gnu packages kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) #:use-module (gnu system pam) #:use-module (guix gexp) + #:use-module (guix packages) #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) @@ -416,7 +419,16 @@ (define-configuration krb5-configuration (realms (realm-list '()) - "The list of realms which clients may access.")) + "The list of realms which clients may access.") + + (krb5 + (package mit-krb5) + "The package to use for @command{krb5kdc}.") + + (kdc-shepherd-service? + (boolean #f) + "Whether to generate a shepherd service for the @acronym{KDC, Key +Distribution Center} daemon." empty-serializer)) (define (krb5-configuration-file config) @@ -431,15 +443,40 @@ (define (krb5-configuration-file config) (define (krb5-etc-service config) (list `("krb5.conf" ,(krb5-configuration-file config)))) +(define (krb5-activation config) + (if (krb5-configuration-kdc-shepherd-service? config) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/krb5kdc")) + #~#t)) + +(define (krb5-shepherd-services config) + (match-record config + (krb5 kdc-shepherd-service?) + (if kdc-shepherd-service? + (list + (shepherd-service + (documentation "Run a krb5kdc daemon.") + (provision '(krb5kdc)) + (requirement '(user-processes)) + (start #~(make-forkexec-constructor + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) + (stop #~(make-kill-destructor)))) + '()))) + (define krb5-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type - krb5-etc-service))) + krb5-etc-service) + (service-extension activation-service-type + krb5-activation) + (service-extension shepherd-root-service-type + krb5-shepherd-services))) (description "Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. This service -generates such a file. It does not cause any daemon to be started."))) +generates such a file and (optionally) a shepherd service to run a daemon."))) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:18 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:19 +0000 Received: from localhost ([127.0.0.1]:52693 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEI-0007DB-1s for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:18 -0400 Received: from wolfsden.cz ([37.205.8.62]:48798) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwDz-00075N-5a for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:01 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 2A6D3299245; Wed, 19 Mar 2025 16:24:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401497; bh=NfuMaR3+0UBwWNFjDKIw5wufrVkLU8GrSADKiQd2tW4=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=EHyTMcBZRzqii/J9rxyARCgqAnusMTRsjhTiAegnrCBqr2tYGAzlYwe5QH9TwobsB eLh2rYxEu9Un29dqwmbNTb41uKqUZgU+BVy+vtS2l6Dg+NPGwtwc7zPMbX9XrMzYfy U4e5eDPmfP7Te4p7q7D+QTgSufnEvLbnYw+xojFftnvFGhhP/mqshmXxhoifnOLrTL IMTB/QD5d+pT1t5fxO39w3zHHMOEtZj5Sfen+9JAFHOqtclW5+gAcf3Rk9i1zX/2FN VWdMwP/cwYjjrJR8ce6Lb3oKz3/Y1sWh/t0cz1Xf8ZPnMdNAEv10Mxe5a3hUd+WhXG Y/iocvCa14oK8lwoJdUKPo0RcUnRdAkTF1nmspYJUXWxMiPsdOpW4WI8I0tvSZhdCj nDz9X6ua/NtdVvMzPPigT07Dr6pLv1EPujhNq8V1RNIrL04Jw9E8dOOi8F/MvV5wZK JG4gGu0358I6MzHlYzo4LpcZpGZLFa5BpradQbkT1rblOh66SjhqkNDAzdg0SWk5Zg lvwDH2NHEwg8ZNvDOFwDX+ZgCT6gmgucvBlMtr53DJ92W88YxIMRSmIceS36XWHWtP Z+4NwZ/hR9bU6Zo7PBdZHTX0L/o9X+2NwpFSMYiRXQFmxw4NI3UBsob6eSH/c9gcix AnZU8DLQfj48co+m3iFboLOA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id C4215298767; Wed, 19 Mar 2025 16:24:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401496; bh=NfuMaR3+0UBwWNFjDKIw5wufrVkLU8GrSADKiQd2tW4=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=c6O0XahwV7C3hcfM28I7xXwmk24oNJZVLxdwu41Hjq46F4SNacLqIX+6LQh1HY471 RcHTmwnM7B9V5xbDIiT5ARUSI4ty8MY1HYMQwawvV2/vflZfU6vngB6GxlOQdgWVAp nNoST97IchzdmzBOgPSodwAAa2YQuMJZOe9pZNBPurOa2Ib1VwJaK7kHxqH+nEiRnb seKT8lnD1Xuj6K6xT2PVBQhr3MlOXn6kO7Ht8Zlvi1bad6KCdWveLhmuLFeXG2NAML TrKB6DONc0pSf3h7q8h4PQUQsRW5zPg6SzwX8e6zqZVfzuqiJZVVAeXLchM6TGw3W1 nShwsCkdG+zZb/5fOOakduuolS0SYPg8pE/SH/84+I8u0hyRkQl060P2Ha4OGdbkWI 2Qtb0L+IiHs9gVsvUN9J5CbCsJDAaMf5PO4xxyjh8JLudaapvrjuGITQUvFc7CKQtj YYMSP59KoJ+T2CVuy5OPr1V6MsTk/YBosvGIJKIk/J2FMTkh578KmCzl/ln04Qu4u7 bo/r/qgitI2IWBqVAxBGvI16G4e2h5EJUu3682uWN+ezu1ExVbxUrQvyTpYHXOdaxH WaA2Tb6T2jo7XrEFG3VWBGyrwkM0TdIu55vSzSYQhDP0eUFHAQW9V8F0uscczu6p1o gyenC7XxNn2NCRRa1IjY8HII= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 2/8] services: krb5-realm: Unify style of documentation strings. Date: Wed, 19 Mar 2025 17:24:28 +0100 Message-ID: <485a3d103e71d81c4502053bbe393042a91d4f02.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Add trailing periods where missing. Remove double space. Change-Id: I5dc47326c598548075f13a5ec48c24a0886a9a69 --- gnu/services/kerberos.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index e93f4bc648..ee0deec2e4 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -215,7 +215,7 @@ (define-configuration krb5-realm (default-domain (string/unset unset-field) "The domain used to expand host names when translating Kerberos 4 service -principals to Kerberos 5 principals") +principals to Kerberos 5 principals.") (v4-instance-convert (free-form-fields '()) @@ -223,8 +223,8 @@ (define-configuration krb5-realm (v4-realm (string/unset unset-field) - "Used when the V4 realm name and the V5 realm name are not the same, but -still share the same principal names and passwords")) + "Used when the V4 realm name and the V5 realm name are not the same, but +still share the same principal names and passwords.")) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:39 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:39 +0000 Received: from localhost ([127.0.0.1]:52696 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEZ-0007H3-2M for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:39 -0400 Received: from wolfsden.cz ([37.205.8.62]:48800) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwDz-00075P-FY for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:06 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 9CEBF387FE7; Wed, 19 Mar 2025 16:24:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401497; bh=9dsUKkXRGPUcPFkwpov1axZg1+xzg9gyBITE3abNN34=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=iamew77XDA61l95FoJZXBaqQdCy8ZnJJMysLvtlBode2X6eyrNAVbxIPRl0H535Ik Vwz+9vDXRl/7y6je6J1pJ3AuxW6+qDq7z5Cxp9YiPgJkwVuC/xmSkPxBVYwnksMA9F o2XPTQJmnqzKCMrShEMoCoGR2qMEe+ktybWGKHSGHlI7Qfs9FTqjfL8uKDOSTp061K i3jcD/uRjaFn10eLzo7UR5/D/DI1KvNb2scLoTsxLATVu9g+EW57/A2lUT8m1/a+aj /2Uv9CuUnpA16YaQu6XsZe1Y83Ju2zZMyHJ4uw7Mn/Gch+g2asVCArjFAZ4h1e0dfP e05Xf1ic60ZuhWM0PrE8WtRCIa7B18YuhU1HIEBJj1Xij19clFXiGettDCo4NabZgV 6RQIhsUFXAHQQC27e+6pDSn3UVA/SEKz1Jdw5x/sif3mrvGAh+32m0mhkiZJqHk0H4 qWmWsvdnqp7QpBk8HV9Zs7pc2Uyl9eQUegezMcyu9HCbJFz/TxE0aGVUe+Dp97bdYM JZTBAotFt9A9/phOX4vlWBV6BYKxfKC3V3mIgwWSBoSus5xkhYz1fmV0kNTpmrRWD4 RkkWtblOAsnE+CXiRwJJm4/2+jTFtdQjyRsxZ/9ZppAgV2+xo4jCdbDD8sEorRo/6q wNbkNFn0hUkUeU1oi8GZvnoE= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 47152387E71; Wed, 19 Mar 2025 16:24:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401497; bh=9dsUKkXRGPUcPFkwpov1axZg1+xzg9gyBITE3abNN34=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=iamew77XDA61l95FoJZXBaqQdCy8ZnJJMysLvtlBode2X6eyrNAVbxIPRl0H535Ik Vwz+9vDXRl/7y6je6J1pJ3AuxW6+qDq7z5Cxp9YiPgJkwVuC/xmSkPxBVYwnksMA9F o2XPTQJmnqzKCMrShEMoCoGR2qMEe+ktybWGKHSGHlI7Qfs9FTqjfL8uKDOSTp061K i3jcD/uRjaFn10eLzo7UR5/D/DI1KvNb2scLoTsxLATVu9g+EW57/A2lUT8m1/a+aj /2Uv9CuUnpA16YaQu6XsZe1Y83Ju2zZMyHJ4uw7Mn/Gch+g2asVCArjFAZ4h1e0dfP e05Xf1ic60ZuhWM0PrE8WtRCIa7B18YuhU1HIEBJj1Xij19clFXiGettDCo4NabZgV 6RQIhsUFXAHQQC27e+6pDSn3UVA/SEKz1Jdw5x/sif3mrvGAh+32m0mhkiZJqHk0H4 qWmWsvdnqp7QpBk8HV9Zs7pc2Uyl9eQUegezMcyu9HCbJFz/TxE0aGVUe+Dp97bdYM JZTBAotFt9A9/phOX4vlWBV6BYKxfKC3V3mIgwWSBoSus5xkhYz1fmV0kNTpmrRWD4 RkkWtblOAsnE+CXiRwJJm4/2+jTFtdQjyRsxZ/9ZppAgV2+xo4jCdbDD8sEorRo/6q wNbkNFn0hUkUeU1oi8GZvnoE= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 3/8] services: krb5-realm: Add default-principal-flags field. Date: Wed, 19 Mar 2025 17:24:29 +0100 Message-ID: <369678163bb94b49a39ca88319e3292dd5498626.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Add default-principal-flags field. (serialize-comma-separated-string-list/unset, comma-separated-string-list?) (comma-separated-string-list/unset?): New procedures. Change-Id: Ie5f787ca0745dd6234ea4577b39a58d71e4fa6d2 --- gnu/services/kerberos.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index ee0deec2e4..1a7cc5774a 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -107,6 +107,19 @@ (define (space-separated-string-list? val) (define space-separated-string-list/unset? (predicate/unset space-separated-string-list?)) +(define (serialize-comma-separated-string-list/unset field-name val) + (unless (eq? val unset-field) + (serialize-field* field-name (string-join val ",")))) + +(define (comma-separated-string-list? val) + (and (list? val) + (and-map (lambda (x) + (and (string? x) (not (string-index x #\,)))) + val))) + +(define comma-separated-string-list/unset? + (predicate/unset comma-separated-string-list?)) + (define comma-separated-integer-list/unset? (predicate/unset (lambda (val) (and (list? val) @@ -199,6 +212,13 @@ (define-configuration krb5-realm (string/unset unset-field) "The server where password changes are performed.") + (default-principal-flags + (comma-separated-string-list/unset unset-field) + "Specifies the default attributes of principals created in this realm. The +format for this string is a list of strings, with '+' before each flag that +should be enabled and '-' before each flag that should be disabled. See the +manual page for details on available flags.") + (auth-to-local (free-form-fields '()) "Rules to map between principals and local users.") -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:39 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:39 +0000 Received: from localhost ([127.0.0.1]:52700 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEd-0007HV-5s for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:39 -0400 Received: from wolfsden.cz ([37.205.8.62]:48812) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwDz-00075g-NW for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:10 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id AD19929A00D; Wed, 19 Mar 2025 16:24:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401498; bh=nsYk8z1VDhUQ6VCgq5aHxIh6SKOy2nE2vRFqbGI/tDM=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=O19EcxX+VJPW3qJBoTm/PV36QBXcPKZmNolNsec6s650BCaMFW+Ww5Ign9s8kC+ze i6Z7PA0okfbCuqUyxE0rA1K6dBKtxjNkVtOiixt0msfK/hEMQmdV2AmK9KGO7KI846 RLfMwQ6yDz6QZkLhR/KOQOBUZY44QaZ9MhHYgOAYKly/INULv1tAWKMYIjBk/qbBME +K/JlrlT5XCMPE2ds3lDgNOq0Co5h+HAmZlMC1ozyRpO8rE6zbAgdTf1RBYoTqkpvo TgSowHh2Nzk869lG4AFjYMzF/U7TbqiU9pXkr7jE6NuCAc8XOfasJD3Ie4Qo1pyb+5 rqNaVIs5G8Ov1uEse8il9H4eh50Rcwre0ggb8jqitXqRfNdn9zaU4uwfuAx6Ss6muw 2Veom3NDoXAKqvIig2yYFEYXF8DUxDbkj+x1DqFCz1JbJ838OO/Jep+E6AfTpB+/wC 7jV96PfF4QvTDCvaL/tJmVbVNaS74Hs5GfPElBwML3URgVOp1XIpZdWOI7e6jDqwYv LiYGz0EjBbdGs1sezUYgLsSSuHCcjWnaCBiYwRtKfMWWHuIqCw/lV5RM7P+36opSLI CHco2gZ2xN4S0uaTLNGr2bzDI0nX0K+855R5PnQoPimSKCv6DzgUOrr2n5CZ8rEGx4 znIbw1UiLYAFQKkQ6o2jZd5s= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 4CD82299427; Wed, 19 Mar 2025 16:24:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401498; bh=nsYk8z1VDhUQ6VCgq5aHxIh6SKOy2nE2vRFqbGI/tDM=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=O19EcxX+VJPW3qJBoTm/PV36QBXcPKZmNolNsec6s650BCaMFW+Ww5Ign9s8kC+ze i6Z7PA0okfbCuqUyxE0rA1K6dBKtxjNkVtOiixt0msfK/hEMQmdV2AmK9KGO7KI846 RLfMwQ6yDz6QZkLhR/KOQOBUZY44QaZ9MhHYgOAYKly/INULv1tAWKMYIjBk/qbBME +K/JlrlT5XCMPE2ds3lDgNOq0Co5h+HAmZlMC1ozyRpO8rE6zbAgdTf1RBYoTqkpvo TgSowHh2Nzk869lG4AFjYMzF/U7TbqiU9pXkr7jE6NuCAc8XOfasJD3Ie4Qo1pyb+5 rqNaVIs5G8Ov1uEse8il9H4eh50Rcwre0ggb8jqitXqRfNdn9zaU4uwfuAx6Ss6muw 2Veom3NDoXAKqvIig2yYFEYXF8DUxDbkj+x1DqFCz1JbJ838OO/Jep+E6AfTpB+/wC 7jV96PfF4QvTDCvaL/tJmVbVNaS74Hs5GfPElBwML3URgVOp1XIpZdWOI7e6jDqwYv LiYGz0EjBbdGs1sezUYgLsSSuHCcjWnaCBiYwRtKfMWWHuIqCw/lV5RM7P+36opSLI CHco2gZ2xN4S0uaTLNGr2bzDI0nX0K+855R5PnQoPimSKCv6DzgUOrr2n5CZ8rEGx4 znIbw1UiLYAFQKkQ6o2jZd5s= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 5/8] services: krb5-configuration: Unify style of documentation strings. Date: Wed, 19 Mar 2025 17:24:31 +0100 Message-ID: <61be58313ebc960e5aa3f87963668473fa4f1c52.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add trailing periods where missing. Add double space. Add @file. Change-Id: Id2d985df1e55566cb62f7355c2e4f0ca7d9924f2 --- gnu/services/kerberos.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 8ebcec3291..5ac3cd1830 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -302,11 +302,11 @@ (define-configuration krb5-configuration (dns-lookup-kdc? (boolean/unset unset-field) "Should DNS SRV records should be used to locate the KDCs and other servers -not appearing in the realm specification") +not appearing in the realm specification.") (err-fmt (string/unset unset-field) - "Custom error message formatting. If not #f error messages will be + "Custom error message formatting. If not #f error messages will be formatted by substituting a normal error message for %M and an error code for %C in the value.") @@ -324,7 +324,7 @@ (define-configuration krb5-configuration (k5login-authoritative? (boolean/unset unset-field) "If this flag is true, principals must be listed in a local user's k5login -file to be granted login access, if a ~/.k5login file exists.") +file to be granted login access, if a @file{~/.k5login} file exists.") (k5login-directory (string/unset unset-field) @@ -353,8 +353,8 @@ (define-configuration krb5-configuration (kdc-req-checksum-type (non-negative-integer/unset unset-field) - "The type of checksum to use for the KDC requests. Relevant only for DES -keys") + "The type of checksum to use for the KDC requests. Relevant only for DES +keys.") (noaddresses? (boolean/unset unset-field) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:40 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:40 +0000 Received: from localhost ([127.0.0.1]:52702 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEd-0007Hd-J3 for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:39 -0400 Received: from wolfsden.cz ([37.205.8.62]:48784) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwDz-00075K-61 for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:09 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id AFEF02997A2; Wed, 19 Mar 2025 16:24:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401496; bh=FEizIFwm0e/ozRgDbkjKjTbB3+H3s50d45/wrM37jys=; h=From:To:Cc:Subject:Date; b=KFzgJFQuyVagHvwRKIgorBi+SulkkX/hEBOCs7X1usQ5cuSCgoJ3AOranPl+oBeMt x9aYewqxTJA2nVHS4z/OajFtAExDtaZisgGKiL85FNqIOTpx8ZyDFThCIPi9HYcTdf IejIObBbs99qD9ZSas1uR5KyJ8ziDA66OEPigZGascpCOlMhdu6dEPnPecufP+BpSQ stx0XwgywDGjvXD8uTHtTPNQJLu2hF7W0BFG8g+KdDMBfiQ+txXoqkoFyRtKGmaf9m yu0HEoM+6ayVRMnW9WdZp603Gf+BYhr/BTjj1sA/6NHHyZdKJaMNmIOA+7NOqzNy2o d7K3SJfH/UgtKaYNHlI1OsP+/ukcWTLKABCKutTnTnp8fu3ERBKdTitctR+lY2jYbf f0Vm2gjTMmquaDFja9AhYcURCvLXuWWAZ9K5aF640M/vafC1D2ag8wMgsMH1ij04uf UlhECFvl2HWrI0SZ21one13zpAhkbpC15nsF+F9fRvUwt7G9cKFfUX7ZsdMHaewjJ3 WojDZrv+GirMnAaRZhYvj6C3RFVEzEVF37/x/vCBWhJ67eUIBkVm5B4XUo5G1J99iw SNcgRzZJPgvcnIguD4j7+aV9HWeLpcBX7eMNl/C4V6bvTaHSHGqnUS/0tMfgqn6Cai QWFo75SBfY3ZCez6rWbRnaFk= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 5794A298F6B; Wed, 19 Mar 2025 16:24:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401495; bh=FEizIFwm0e/ozRgDbkjKjTbB3+H3s50d45/wrM37jys=; h=From:To:Cc:Subject:Date; b=JY7yDZPloQ8aCkm+Selh5Rv6llIOe5bq537wrucIx4Nfaq6TLXkt362C57967HCw1 ArCn9CWgMR5ByVIao5yewK1yI84564ibEGaP1Ov/p+xqMkAx4Oo+fSoA3BnQVNJgmD 47brnZf3qp58kZ/XJYS7Pmg8HimYebGgpsMC890ZxoIHnPWqZ8h0GA/AHs+dwO5Q3A T1oIwyiICEXjG41GOHiOPPGnP8bqaK7x+f9wNOs5HKSVai2++9daiK5ik1kpDLJOKD X3kqKMpwRxK5GtUG8bg9KdkHtIfVI9aP1349KBUKy+CcwryJGDD2TKLQR+dy4pWpMz Ffv2lmNUav4zMjUxDgV8+NAYWbT38u2J4QOioobRmnCrud+vm1eq0sdrxTAeMJw8u5 lcsVd74c+D/TJUyQAXUbWkrSLZV7iZjo2vEvSQmJFGWloE1sJ7vEiM1uNcxqasDP4r 9cR2xDy+HNAAbdl2IB/5QTLp44ndL1LPP7G+Tew+WqZhP0c1g4UEqvaafOWPCkX3Wk fsooR28Oti0phMpFRq+2PYM36gb08lNi/66SE9gDmwdJTdK5ko17OFcsHTYINNQ3J8 krpQfPJzL8P5mzKOCyZ2hitXMd++tLZd+aqGOOa5F/vVDB0FdKtrYrJyw7L/8YsNtk 0zuDBl9fA/P8PwyXLL1ymWSA= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 1/8] services: krb5-realm: Delete trailing whitespace. Date: Wed, 19 Mar 2025 17:24:27 +0100 Message-ID: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-realm): Delete trailing whitespace. Change-Id: I3e92d53b0910660aeed318015841ec0ca8892430 --- v2: Add copyright. gnu/services/kerberos.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index a6f540a9b6..e93f4bc648 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 John Darrington +;;; Copyright © 2025 Tomas Volf <~@wolfsden.cz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -191,7 +192,7 @@ (define-configuration krb5-realm (master-kdc (string/unset unset-field) - "If an attempt to get credentials fails because of an invalid password, + "If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC.") (kpasswd-server -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:40 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:40 +0000 Received: from localhost ([127.0.0.1]:52705 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEe-0007Hp-5G for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:40 -0400 Received: from wolfsden.cz ([37.205.8.62]:48816) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwE2-00076M-Vb for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:09 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id C17E5298CC9; Wed, 19 Mar 2025 16:24:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401499; bh=DJY6xLf42+o+Pc05pIjTUu66aYVSMIqHe+ZJzDckpWY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=kCdbZeZXqoKygih6N0KjGnqSPHWCYpQ/XoZlamMcmHIeXnKyrJ8qfBbqh62XsXMjq Btg018lxWpmckuv7/SoMLO1BtLoywCPk8fFQABQqbvo6pXKKo90QCe0x8sKQGiHZDA 9oXbYFxSzoQ+ljVAQvNRruM3iuE/7/0DDCxenSb3g6LoZtSILlx2cpE8FSQ/jQUPb3 jLuEkrwRXWedRpfXQzaDtdKxyYgaVbpNUhyhz4Xxjf3GqvhevL3APRphgMYfl9QO10 xi2uA5KdpsiTnUtMus/lMj3Yq657OwP6aPelr+mCfICdz8JI70Swr566mNvNfVU4gs 4Z25R3QKy8reDbxNI7ktMNvzZJbRwufU1tlfl4T3fQAUxgzaRt/en43va6VOH1lT+K Ncuwy6YkARB1hLY94IXXcT4Y3ymkkhwCB+oKlPBGy+iFrO14hTYH7ySOncRxN6Gdn8 uYnqh7ibsjTe4P5WntFurSCyWY1FbO4XY+5TxpmYQiz8yRADG68kxdkVCeHVIMkTvu dciWH47GtoTAI4W4zGXxh2yY1lflUkq3O32m8htDDPMjkaApqVqzr1DCjyWtSZHSJV DFLvJLajPl0YcV7LWAU0YkLg0WrxPvce8UcLlfTA00ffG7xdl7w952e/7+xjBrXFZJ dXuP/+eMeBF+zCsWr/Xo9kXI= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id CAB9E29A202; Wed, 19 Mar 2025 16:24:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401498; bh=DJY6xLf42+o+Pc05pIjTUu66aYVSMIqHe+ZJzDckpWY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=th1G3e3nHvQ60SIiyNtuAoWMvImTgDbwcDa3HxpR/vme//vH2ceCqWgL39mjeavYh u/SNjnQUR65bPFDY3Zg5TYqZc4gZXQEVcIm7jpqnBiD/eFS+xhi6cGvkk5nyNiQMxZ WefjvP+dUBg06/P/o4Pldo8y91DGvJYMymrjV0Sr9wnCcaMYzmjO/Z8KSiO/rSYn+J r8DJ322bMggQareGJm/CmKsoZwI0W3T4Nytfhb/J8lZXPXE0pk1oHdkOKGur8J/yJJ AnwAbdUq/NgyEvE4eQx9oTO+4gVacSDFqitBhjXXsjZ281lw6jtcKan0SfOaFJ8Y5x H1iwKiYZRCRp9Tyk+gZpjPPAPkV2LOP5GxoY129//JaMnaq46jRcZBwrzYFzh4Y+iM JlX4Db63A+7e45wLzfGU+NjSz0b9eK+oHluhq79Hucxg3C9xaTGD0vxICxyw5wL3tT 3EyCe6BzgQEZKOSyeShXe76pGtnyN8QKFouzSSiJTB7GsYPwGQzZLFFu7x1vd5PdGd 9bMM08ljiLnwL3Be5rG1SKhgdME/P6vGR1KDKogEWGUuhxINvX8qPUo94eWXhziQX8 ZcWaFExLLmj2vhqKvZFeEcGAAC+6IdA0Cson0PkKpRjt9VR7CiWZnMYfmxlnoP17fF FKbEH+NWSgMZkruIZ/NcAchg= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 6/8] services: krb5-configuration: Add dns-lookup-realm? field. Date: Wed, 19 Mar 2025 17:24:32 +0100 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add dns-lookup-realm? field. Change-Id: Ibb92da1d4330b62225bdd9fd2a8573035f15f590 --- gnu/services/kerberos.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 5ac3cd1830..de85b43223 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -299,6 +299,10 @@ (define-configuration krb5-configuration "Whether name lookups will be used to canonicalize host names for use in service principal names.") + (dns-lookup-realm? + (boolean/unset unset-field) + "Should the Kerberos realm of a host be determined by DNS TXT records?") + (dns-lookup-kdc? (boolean/unset unset-field) "Should DNS SRV records should be used to locate the KDCs and other servers -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:25:41 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:25:41 +0000 Received: from localhost ([127.0.0.1]:52707 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwEe-0007Hr-Dz for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:41 -0400 Received: from wolfsden.cz ([37.205.8.62]:48826) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwE2-00076O-Va for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:10 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 00321299892; Wed, 19 Mar 2025 16:24:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401500; bh=DFfDqs1er3Xivg5lqdjy7KsvstcGp413/HJ7AOR+hoc=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Fan+tOilvgk+fFCcJ8ntMHk8fI0ni36QwCf0AbfFLlGOGL1Z7ccbQnVdB3ItojYFB Q1dIrFHgpK1v8D8DF9D4cYC0fonD5HUr2to1oDmuOZCLZRwvemtgVo68SdLkYUhah/ xJtUBryDCu2d3Wb907qXywGlNLnLdqPEPFC4/Hqc/O/Ha8kY5IM4BwIltYj/X+xdcJ FNTkvjZVKztWxCpvnYaRauLPi2CX13U3I/KCZi6lrGe8Qp+yaxCaWqLwqZLKZy9o+p A1YiuC0woNUuNVLIhnuUKz9LwgXuv3X13y9h7IMSg1i7BWoJcq/J8BLd9yiTm/jC2o nWNZdEB3LUwNONuyanANdHdZtvpUtf170D2fjjZQwHsUCPBy+6l2uWDVA12cBBdetK odLuLuQd7eFot0bcWhEB86kFhDbrOwBkfZYzGTwUIZyBJciSKrryVnL89nrKVrJLaC LurK/KuIxpnrwL+s0Sz1Bzu7s8apgv0asrN/35wHcTWPwO/JmrBiKhXGYniDW71L0E eLsclkzT8y8Lu0V4QPVIi+eHBr8iNuLIE9pA99VKEe5KRmzmV4wnJTT3vh4CqaAe56 ker/IesQKvy5NWElUT0/V0Hifuxx4+iGyeJ2XyZCxlzRgGDoEzm//EecyBiw4NGTx3 g5I51VDu2/oOviwE56Pzr84Y= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 52E1529876B; Wed, 19 Mar 2025 16:24:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401499; bh=DFfDqs1er3Xivg5lqdjy7KsvstcGp413/HJ7AOR+hoc=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=IFvRmjOgNfLsTDy+lI1z2B75ZGZVxk/rLrTlQdkm7RO6Fqa0huTYXnpQek0wCNZu4 VL6NWtXOWTqucqDrh/kjEYp5dSbwPUe3ASzI7N5x0Exuym8+uBmu02YuTLVtDa8i0p Iq3XuPfTHzLyxAYd9A/VNBB844PWL9YxobfG8Y2vQvQ23S3cKce4Xv3yYSjdV+2uIX PIU+x193xuZ0gUCPxphwqvEuxwLLEZvaoxdwFBpfD5TWn7ed+LuL1v3Hs+xXEhVtlA LzH6XO4MRLrpWncGwnpjm2RSQDYcBShw8eGiBkuJp7Y90x640KMSATDKiGVQpsEhUJ Z9MGPCqCj5Nuo9c0V45GqTSr3cNCqG6esadiEu7FKlY+qduYx2jDWIFlXYrvqYZBWc 8UU2RsI2jIhAVssY3R34s09CgAe/W5yE7lNb74aJ1V/dXNY6PbRvi1UyDQJAH6ooEm XsRzEfoRdofvySp3uyyuTXEB3KxLyr1PD/DcCpszFnkZ1eE+s03LWP2c/pxYGfMsiv 7WDSOC5ZW/jn3odhbEtE40K/clV6eNUl1eqQWMF6g4ux3WJRWgpcis1NSRMKYwwj3B L9frXoE6UkQDYqO30inBzst0tVFdd6yIRtgeBWAJbU7avs5RGdgH+0E4jYuql1iWyQ G9CRuKnH6i+Lv9+IxLB3pMTg= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 7/8] services: kerberos: Fix order of definitions. Date: Wed, 19 Mar 2025 17:24:33 +0100 Message-ID: <0933aa1105d60f052915f78a2b5ae5e50966de41.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Generating the configuration file would error out with error stating: Wrong type to apply: # Moving the procedures below the respective define-configuration fixes that. * gnu/services/kerberos.scm (realm-list?, serialize-realm-list): Move below define-configuration for krb5-realm. Change-Id: I6a520a92cdc3c42d3916cdf33d427dadc531e7d1 --- gnu/services/kerberos.scm | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index de85b43223..fcb0ac1ab4 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -170,23 +170,6 @@ (define (serialize-free-form-fields field-name val) (define non-negative-integer/unset? (predicate/unset non-negative-integer?)) -(define (realm-list? val) - (and (list? val) - (and-map (lambda (x) (krb5-realm? x)) val))) - -(define (serialize-realm-list field-name val) - (format #t "\n[~a]\n" field-name) - (for-each (lambda (realm) - (format #t "\n~a = {\n" (krb5-realm-name realm)) - (for-each (lambda (field) - (unless (eq? 'name (configuration-field-name field)) - ((configuration-field-serializer field) - (configuration-field-name field) - ((configuration-field-getter field) - realm)))) krb5-realm-fields) - - (format #t "}\n")) val)) - ;; For a more detailed explanation of these fields see man 5 krb5.conf @@ -246,6 +229,23 @@ (define-configuration krb5-realm "Used when the V4 realm name and the V5 realm name are not the same, but still share the same principal names and passwords.")) +(define (realm-list? val) + (and (list? val) + (and-map (lambda (x) (krb5-realm? x)) val))) + +(define (serialize-realm-list field-name val) + (format #t "\n[~a]\n" field-name) + (for-each (lambda (realm) + (format #t "\n~a = {\n" (krb5-realm-name realm)) + (for-each (lambda (field) + (unless (eq? 'name (configuration-field-name field)) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) + realm)))) krb5-realm-fields) + + (format #t "}\n")) val)) + ;; For a more detailed explanation of these fields see man 5 krb5.conf -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:26:10 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:26:11 +0000 Received: from localhost ([127.0.0.1]:52714 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwF7-0007MZ-7O for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:26:10 -0400 Received: from wolfsden.cz ([37.205.8.62]:48808) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwDz-00075b-F0 for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:04 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 6A1282990DB; Wed, 19 Mar 2025 16:24:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401498; bh=RzBVock7RZs7GlggbMRq+94/jXKGSp9OiJ3f7Hy4T6g=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=eV8MzxXVyd6rMFr4FEUiyYcgMWKWUPNXl7XVKcGE5vPDV6QXC4oUl0C1S3RQ5IYVm EvNiUnLYgmwoIjsXPD1/XPzE3v1FtU9Arf7L79sLYUHx+i6RwTy1fhxx6XLk9zHF0s MGnWq7ffkky4gM+/CB82jot72Ws07nGXTWlrFZ2oj/Tz6dCUVVphzZYIrhdF65EODI FkY/niBJ1fT3Au7a4PzDC0ErNLh86FiupNgWMHVRe2BQ1Zf7gcsD4WcrqDDaQMDraM f4TMJpjDCHAEyL+qStOXFftn2ad6ecrmgQvlB/K+DJlODjo1WEKsUaGALuceX1MIAH axAJliF11oW1B9Lq7Pnw4JT7j9uCFn3acUSJ+Gkw0MUt13+KadoibEivXhqmT6X86U pX0FjsCxY8iugoxVmFW8InPXgJAY89elyPOkajMJHTGk9hYoWfCeYrmmG3b+hGN0xl R0SedhlAU3M8ube5In3M4eZEDxNVzKkGNUH3VVFv2Gz+9Ohjg2BnWiDWpHr+y9kCRX pQ91jqbtFcS5u88mj5KXbBhDpKTRidfjw9G7hLkoZYXMvo8XOim45/tmHiaxTLkVTg E1nRmS/mXLWiWCBh37OjPntMC5xqs84uZT0S7mVFEiuJXCBl1/+1axtIK2fwm6+1M/ /n+0jVhtrMBjeD9TDoFzUqyI= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id C33D1386B78; Wed, 19 Mar 2025 16:24:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401497; bh=RzBVock7RZs7GlggbMRq+94/jXKGSp9OiJ3f7Hy4T6g=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=V2zE6eWj0MTI3vJVLkZcx9ydSE+96A58lI95BiiFPkQzBLNibKpUTRVRXYTZokGD4 6QypRQ0KUkSZU/YccItdaw1N6NBxMajc7y22YXh4kEY52KRiMvDssoiuMv+W+ylDXu rs2kk7wwVvOpY/psNakZNssgYMHc+H9quTAB0VWCSfLa36P/OWIF85Oe+8++aysWX/ bF14WxnoMdRSauLsmnnmH3bpub1nld1/F2S6fmyHD1y9rDja+oliQSLCM4tGNIJgBa bTKfju8HGc+KglxeoOEHSELoHAyT+NnQvhYjjfq3B+Ke27gVcaXnQ7gfxk7XImNSlT b8KRoM9sFAKtBND8vC7RZmlsvxsoJx+FrNptN5vO4b0p/D3hveWVo9UGEbagqeojce 3AX4NmEiKFL0ZQzsBfhVzBkljcVtoaZ5H4zvEQhRpg/fZIFLnj9VeETf221BwJ3kQo g1h1WhCsb5hcviK3MR5giWyUl2CmCE5HGvtDMgQbCz5eQ7U3MBugfnDWWspfxZCv2j Z5TqTdMZ5YPVnkeJO43u4BWYZWUbWZiwPdLYpQZ1dOCO81gWffhKMzNJl0nw/5bW8c AJVDCrGlx6tq8sP9RCEDJ4RfkGM6entKwtjEiOaQQWmuiOO1q4XNtBMAJunbaLG6l5 bZ93x4Y0QWaHNxxtCdEN0ViI= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 4/8] services: krb5-configuration: Fix indentation. Date: Wed, 19 Mar 2025 17:24:30 +0100 Message-ID: X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Adjust indentation and word wrapping. Change-Id: I629c106867e1d4d935b4bc33ae3489f4b0ee0bf5 --- gnu/services/kerberos.scm | 53 ++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index 1a7cc5774a..8ebcec3291 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -296,19 +296,19 @@ (define-configuration krb5-configuration (dns-canonicalize-hostname? (boolean/unset unset-field) - "Whether name lookups will be used to canonicalize host names for use in + "Whether name lookups will be used to canonicalize host names for use in service principal names.") (dns-lookup-kdc? (boolean/unset unset-field) - "Should DNS SRV records should be used to locate the KDCs and other servers + "Should DNS SRV records should be used to locate the KDCs and other servers not appearing in the realm specification") (err-fmt (string/unset unset-field) - "Custom error message formatting. If not #f error messages will be formatted -by substituting a normal error message for %M and an error code for %C in the -value.") + "Custom error message formatting. If not #f error messages will be +formatted by substituting a normal error message for %M and an error code for +%C in the value.") (forwardable? (boolean/unset unset-field) @@ -316,9 +316,9 @@ (define-configuration krb5-configuration (ignore-acceptor-hostname? (boolean/unset unset-field) - "When accepting GSSAPI or krb5 security contexts for host-based service -principals, ignore any hostname passed by the calling application, and allow -clients to authenticate to any service principal in the keytab matching the + "When accepting GSSAPI or krb5 security contexts for host-based service +principals, ignore any hostname passed by the calling application, and allow +clients to authenticate to any service principal in the keytab matching the service name and realm name.") (k5login-authoritative? @@ -328,23 +328,23 @@ (define-configuration krb5-configuration (k5login-directory (string/unset unset-field) - "If not #f, the library will look for a local user's @file{k5login} file -within the named directory (instead of the user's home directory), with a -file name corresponding to the local user name.") + "If not #f, the library will look for a local user's @file{k5login} file +within the named directory (instead of the user's home directory), with a file +name corresponding to the local user name.") (kcm-mach-service (string/unset unset-field) - "The name of the bootstrap service used to contact the KCM daemon for the + "The name of the bootstrap service used to contact the KCM daemon for the KCM credential cache type.") (kcm-socket (file-name unset-field) - "Path to the Unix domain socket used to access the KCM daemon for the KCM + "Path to the Unix domain socket used to access the KCM daemon for the KCM credential cache type.") (kdc-default-options (non-negative-integer/unset unset-field) - "Default KDC options (logored for multiple values) when requesting initial + "Default KDC options (logored for multiple values) when requesting initial tickets.") (kdc-timesync @@ -353,17 +353,18 @@ (define-configuration krb5-configuration (kdc-req-checksum-type (non-negative-integer/unset unset-field) - "The type of checksum to use for the KDC requests. Relevant only for DES + "The type of checksum to use for the KDC requests. Relevant only for DES keys") (noaddresses? (boolean/unset unset-field) - "If true, initial ticket requests will not be made with address restrictions. -This enables their use across NATs.") + "If true, initial ticket requests will not be made with address +restrictions. This enables their use across NATs.") (permitted-enctypes (space-separated-string-list/unset unset-field) - "All encryption types that are permitted for use in session key encryption.") + "All encryption types that are permitted for use in session key +encryption.") (plugin-base-dir (file-name unset-field) @@ -371,8 +372,8 @@ (define-configuration krb5-configuration (preferred-preauth-types (comma-separated-integer-list/unset unset-field) - "The preferred pre-authentication types which the client will attempt before -others.") + "The preferred pre-authentication types which the client will attempt +before others.") (proxiable? (boolean/unset unset-field) @@ -380,12 +381,12 @@ (define-configuration krb5-configuration (rdns? (boolean/unset unset-field) - "Should reverse DNS lookup be used in addition to forward name lookup to + "Should reverse DNS lookup be used in addition to forward name lookup to canonicalize host names for use in service principal names.") (realm-try-domains (integer/unset unset-field) - "Should a host's domain components should be used to determine the Kerberos + "Should a host's domain components should be used to determine the Kerberos realm of the host.") (renew-lifetime @@ -402,13 +403,13 @@ (define-configuration krb5-configuration (udp-preference-limit (non-negative-integer/unset unset-field) - "When sending messages to the KDC, the library will try using TCP -before UDP if the size of the message greater than this limit.") + "When sending messages to the KDC, the library will try using TCP before +UDP if the size of the message greater than this limit.") (verify-ap-rereq-nofail? (boolean/unset unset-field) - "If true, then attempts to verify initial credentials will fail if the client -machine does not have a keytab.") + "If true, then attempts to verify initial credentials will fail if the +client machine does not have a keytab.") (realms (realm-list '()) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 19 12:26:12 2025 Received: (at 77001) by debbugs.gnu.org; 19 Mar 2025 16:26:12 +0000 Received: from localhost ([127.0.0.1]:52717 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tuwF8-0007N0-QM for submit@debbugs.gnu.org; Wed, 19 Mar 2025 12:26:12 -0400 Received: from wolfsden.cz ([37.205.8.62]:51406) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tuwE5-000778-LA for 77001@debbugs.gnu.org; Wed, 19 Mar 2025 12:25:13 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id B0B502984F4; Wed, 19 Mar 2025 16:25:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401500; bh=Oi6kYlstAyOW5qeycWYOh3FxtfPxgyo/stGUtDIjOig=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=oIjM82ytfFNFfKqMZ0u0IlKtgi8f4v/Sn6MilwU86e9d7z4QFmnNhbAWmQ+PJVUCK f2mg48DxUGpvJwI8x1Mm3o4JuMvON9iuypsl0y8Yp0hoQUkleprmXO6otRabH7ABJL /whHfLjUivP0mpXziwuk+qFl3UhQuT2SDQuIpVrGhVDB2bYzI1/xpuqN0KyTmbkwsh ZbNrMhzulPUtK5jOIOYvBrNdLxMauBP7wl/xs1OJWmV+M4E0agg3S2w1vw0o9AfX64 MJvSVineBnoDC4RBHJAIDQoZ44l39BIhUpyhOXZ/keEtOTI6u1ykYTk/aEyg3+Yxe3 SSVFNTVzmaIEewFM0PtcwSDCYj+5RLstg+EEFsckWUuBBV1OHzH8u/KDIjsVdIjljU 4kQ4LEoHup3zDsEkzWdJTSUbo4LMCY96IOUfCmik7+Uj7UeBeD3ISlaPpt8SqLQCUC NM5oDFMoPsafPYAYZqWkoj+UT3bYYtVUOBgMikjtIf2fdLFNVvqSsXI6v7rN5picUS kb2UsecYWlhG4WvS71JkMkZZllgM4vc5VZT5Oq2lOkZ9AL3f8TzSVV6iTfuqEhjwwT 8cPRX9tkg5KQRItCeIwH2PEpo+ivxBdPUh4R3JELpd2lPU82D33MXfpWfnZfVKvic/ ZB7ffeW5R4Wz5PAHFDJpjxmI= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id D8A24299D16; Wed, 19 Mar 2025 16:24:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742401499; bh=Oi6kYlstAyOW5qeycWYOh3FxtfPxgyo/stGUtDIjOig=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=d4SxaFAhgmah4uMB1P3drn4clLDjQL22c1QF5BRwe2RZTSMOlL+Kpif8zCO5IR/Fw Ln14Hred+AHGx48Kev8lBc/zTZDfuS8EJ5xqwV2Qnj46okSETWosZ8WsdCrjvNEQiK t2lev6gUheTbi7UZmqXRcvoRyx3s9gASW++rI4yEnUmuBXIx7zLRCnF+oYs3FkJESk w/QvVJ3umABzXSkpaF5qugWflIehrQH5ndCv3zcnocu60B7x1mBSO0CwzdH1WQA2C1 5TaFYO+cpjNtUEFNr4woeUg7lO+2eO9Q21LIyXryI/56nvQH36zv4azphv1F5PAHkB zFdzh348TtvU2hk42Eq+sW2Mj9I+jw+5hlZUOhazAuX6978OORITKBVTmVicSCngyR Tde3uXii6wy5LWQH+6mLmpz0RQXSVbY+az2IDz7huKllKWMihMnRqCno6AKGcYCJXQ iVZlQ8WsnhMUfPc+pQPSplASI4FAEhOR1g7rCBolln2YPQUhCMXWGt/ba90Mh3PphE 1Y4SR1/AH5UgwXNCiEIt3UvfcWnsgGw6uchLEOcxFZqm+dGkXpjJ+hYQKR0yNxC4ub a+A8uaBi5PQXfljRSjXbewWcKRaPoMAmgy/OYAsCExaiPanblzWnwwfvdSVULwpNtD aZ3LuwWs0hZTJg49nrJ7fqVw= From: Tomas Volf <~@wolfsden.cz> To: 77001@debbugs.gnu.org Subject: [PATCH v2 8/8] services: krb5-service-type: Support launching KDC daemon. Date: Wed, 19 Mar 2025 17:24:34 +0100 Message-ID: <518d2488c89ccaf12e0cb1d491b6d66c1bdde925.1742401473.git.~@wolfsden.cz> X-Mailer: git-send-email 2.48.1 In-Reply-To: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> MIME-Version: 1.0 X-Debbugs-Cc: Ludovic Courtès , Maxim Cournoyer Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: Tomas Volf <~@wolfsden.cz> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/kerberos.scm (krb5-configuration): Add krb5, kdc-shepherd-service? fields. (krb5-activation, krb5-shepherd-services): New procedures. (krb5-service-type): Use them. Change-Id: I091ae2a6ef25f5ce95123c29588749483954c2ac --- doc/guix.texi | 12 ++++++----- gnu/services/kerberos.scm | 43 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index fe43ed2504..939683277b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32135,11 +32135,13 @@ Kerberos Services @subsubheading Krb5 Service -Programs using a Kerberos client library normally -expect a configuration file in @file{/etc/krb5.conf}. -This service generates such a file from a definition provided in the -operating system declaration. -It does not cause any daemon to be started. +Programs using a Kerberos client library normally expect a configuration +file in @file{/etc/krb5.conf}. This service generates such a file from +a definition provided in the operating system declaration. + +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd +service for @acronym{KDC, Key Distribution Center} is created. +Otherwise no daemons are started. No ``keytab'' files are provided by this service---you must explicitly create them. This service is known to work with the MIT client library, @code{mit-krb5}. diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index fcb0ac1ab4..a721cf3be5 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm @@ -18,10 +18,13 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services kerberos) + #:use-module (gnu packages kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) #:use-module (gnu system pam) #:use-module (guix gexp) + #:use-module (guix packages) #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (srfi srfi-34) @@ -417,7 +420,16 @@ (define-configuration krb5-configuration (realms (realm-list '()) - "The list of realms which clients may access.")) + "The list of realms which clients may access.") + + (krb5 + (package mit-krb5) + "The package to use for @command{krb5kdc}.") + + (kdc-shepherd-service? + (boolean #f) + "Whether to generate a shepherd service for the @acronym{KDC, Key +Distribution Center} daemon." empty-serializer)) (define (krb5-configuration-file config) @@ -432,15 +444,40 @@ (define (krb5-configuration-file config) (define (krb5-etc-service config) (list `("krb5.conf" ,(krb5-configuration-file config)))) +(define (krb5-activation config) + (if (krb5-configuration-kdc-shepherd-service? config) + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/krb5kdc")) + #~#t)) + +(define (krb5-shepherd-services config) + (match-record config + (krb5 kdc-shepherd-service?) + (if kdc-shepherd-service? + (list + (shepherd-service + (documentation "Run a krb5kdc daemon.") + (provision '(krb5kdc)) + (requirement '(user-processes)) + (start #~(make-forkexec-constructor + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) + (stop #~(make-kill-destructor)))) + '()))) + (define krb5-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type - krb5-etc-service))) + krb5-etc-service) + (service-extension activation-service-type + krb5-activation) + (service-extension shepherd-root-service-type + krb5-shepherd-services))) (description "Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. This service -generates such a file. It does not cause any daemon to be started."))) +generates such a file and (optionally) a shepherd service to run a daemon."))) -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 20 02:27:26 2025 Received: (at 77001) by debbugs.gnu.org; 20 Mar 2025 06:27:26 +0000 Received: from localhost ([127.0.0.1]:54928 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tv9NG-0000f0-9m for submit@debbugs.gnu.org; Thu, 20 Mar 2025 02:27:26 -0400 Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]:58493) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tv9ND-0000eg-8J for 77001@debbugs.gnu.org; Thu, 20 Mar 2025 02:27:24 -0400 Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-2264aefc45dso9451835ad.0 for <77001@debbugs.gnu.org>; Wed, 19 Mar 2025 23:27:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742452037; x=1743056837; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=vVeNvZCUJjPQzzcl1WCOdFtbF2IF93kPZ+UrhnyJHAY=; b=FOOTOKmvu7ZFkGn6ya0SLlZIvDt71cteLAdIssCo4MIyC32fISPVb20YmgeyaPxPSq sXe4Qpd6VZSLr5V86gJpKIsl8VqjKJlIGd4jSaoP83ZZrXsLBEIvH1zeSNGsNC+iKViS PO0No+nPt6fjpsbMd7z0jKGyu8vwhVvGpqRVrebiUHqGo4Gg55qlerw3b3kEVzdmli5e i/Wyv7F2NxGpR2VK/L4T7RySbxiKQerOEWpR/n2J9lbte1hPROvR/9kum2WoSPsqZ+Ta NYhuvTa5FjHoISxEZP4Epl1//7hfnJ0eDn0w0NaSja7RshIXdb/z4guTTOWkeUN8fsyw HpqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742452037; x=1743056837; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=vVeNvZCUJjPQzzcl1WCOdFtbF2IF93kPZ+UrhnyJHAY=; b=W7Zz/KHdhYK+kBblETdrAkVvGbByaLMxCKdvvjx9FlYZ6KA4YqgfPrkb44GkWwayxJ KD8S8Wo9gvNhJGQ4703w0dMD3gbq6YdHgsKCC3weetQAanWUnGdZUrvMdMunCfsjoYG0 MOnKp6Ib9vKZlvX3XTEBVt8WXmCMf2t/ZqbPVrLf+6SMnqP3Q3V6cyIP13qgoInasHMr UToLocI5rXaD9MqMqHIMO/bLc9ou7qkxR6UnFWdMeHXNzgF/kr6TbuqLV0H731vhzSYO 7RrGYFt2NTLJP3LUWFsbWwIUUbgI8oa4jTfCWHrl82tIO+ehGznoVp8rT79IpRL7u1z2 ZIYQ== X-Gm-Message-State: AOJu0YwiE7fdfgbSgNSMIAOy/NPvdEK5IfpFKRfWZCorYKHenY9LL85Z +7WqMlQ1BlrNBaYL3BLIwGRtPKtQxx/9zjRwOBjI53u0px6OgZqV50HPX+qW7J0= X-Gm-Gg: ASbGncutwUN2dYHugsTV7IYJtGQbVU9FLczBHLdylTkP1qVZXEPfvNV7y+2Ev/rSr9r 6J1IdNsQzOlt/Bhvrd+hlcbXFTXuaJjzKM7BcV0Uvyj+1JiT7SfW0WPjL214JJOJat3phvT4lJV 5kQbAu6cLxN6tYjaNqUsbnDx5iKt+FP20ApDzehqofSKujgCjI/Nk+iqEK/UIvcLBjE5Tfri8tx gstDY1iYK40+oo0+ZASNXDYtXCx09crT8ghBkD6R3oYtFctuYAedVmFO9SKYYUeP4xk5dRoSWUs o/VutjDwY4Rbpj5M1WdSCAya4D7g4I7OD6ih62ZNPVg= X-Google-Smtp-Source: AGHT+IGc0epJ96gNEch+chdx3wTdAo/C949wlPapFmwPY3TBLYdbvQsg0piK8aLKV1sxXbJfGrTcPA== X-Received: by 2002:a05:6a00:a19:b0:736:5e6f:295b with SMTP id d2e1a72fcca58-7377a870758mr2799089b3a.12.1742452036817; Wed, 19 Mar 2025 23:27:16 -0700 (PDT) Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73711559fb2sm13352491b3a.61.2025.03.19.23.27.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Mar 2025 23:27:16 -0700 (PDT) From: Maxim Cournoyer To: Tomas Volf <~@wolfsden.cz> Subject: Re: [bug#77001] [PATCH v2 8/8] services: krb5-service-type: Support launching KDC daemon. In-Reply-To: <518d2488c89ccaf12e0cb1d491b6d66c1bdde925.1742401473.git.~@wolfsden.cz> (Tomas Volf's message of "Wed, 19 Mar 2025 17:24:34 +0100") References: <43cc10a6e9e4f8359465adcd73ba59e9404012ba.1742401473.git.~@wolfsden.cz> <518d2488c89ccaf12e0cb1d491b6d66c1bdde925.1742401473.git.~@wolfsden.cz> Date: Thu, 20 Mar 2025 15:27:00 +0900 Message-ID: <877c4kp68b.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77001 Cc: 77001@debbugs.gnu.org, Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, I'm reviewing mostly just the doc part, which is the team I'm subscribed to. Tomas Volf <~@wolfsden.cz> writes: [...] > +++ b/doc/guix.texi > @@ -32135,11 +32135,13 @@ Kerberos Services > > @subsubheading Krb5 Service > > -Programs using a Kerberos client library normally > -expect a configuration file in @file{/etc/krb5.conf}. > -This service generates such a file from a definition provided in the > -operating system declaration. > -It does not cause any daemon to be started. > +Programs using a Kerberos client library normally expect a configuration > +file in @file{/etc/krb5.conf}. This service generates such a file from > +a definition provided in the operating system declaration. > + > +When @code{kdc-shepherd-service?} is set to @code{#t}, a shepherd > +service for @acronym{KDC, Key Distribution Center} is created. > +Otherwise no daemons are started. I'd reword to more simply: "Whether a Shepherd service for @acronym{KDC, Key Distribution Center} should be created." I'd find it also more useful if the option was named: 'key-distribution-center?'. That it is implemented as a service is an abstraction detail that is less important for the user than the feature provided, in my opinion. > No ``keytab'' files are provided by this service---you must explicitly create them. > This service is known to work with the MIT client library, @code{mit-krb5}. > diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm > index fcb0ac1ab4..a721cf3be5 100644 > --- a/gnu/services/kerberos.scm > +++ b/gnu/services/kerberos.scm > @@ -18,10 +18,13 @@ > ;;; along with GNU Guix. If not, see . > > (define-module (gnu services kerberos) > + #:use-module (gnu packages kerberos) > #:use-module (gnu services) > #:use-module (gnu services configuration) > + #:use-module (gnu services shepherd) > #:use-module (gnu system pam) > #:use-module (guix gexp) > + #:use-module (guix packages) > #:use-module (guix records) > #:use-module (srfi srfi-1) > #:use-module (srfi srfi-34) > @@ -417,7 +420,16 @@ (define-configuration krb5-configuration > > (realms > (realm-list '()) > - "The list of realms which clients may access.")) > + "The list of realms which clients may access.") > + > + (krb5 > + (package mit-krb5) > + "The package to use for @command{krb5kdc}.") Maybe, "The package providing the @command{krb5kdc} command." > + > + (kdc-shepherd-service? > + (boolean #f) > + "Whether to generate a shepherd service for the @acronym{KDC, Key > +Distribution Center} daemon." empty-serializer)) > > > (define (krb5-configuration-file config) > @@ -432,15 +444,40 @@ (define (krb5-configuration-file config) > (define (krb5-etc-service config) > (list `("krb5.conf" ,(krb5-configuration-file config)))) > > +(define (krb5-activation config) > + (if (krb5-configuration-kdc-shepherd-service? config) > + #~(begin > + (use-modules (guix build utils)) > + (mkdir-p "/var/krb5kdc")) > + #~#t)) > + > +(define (krb5-shepherd-services config) > + (match-record config > + (krb5 kdc-shepherd-service?) > + (if kdc-shepherd-service? > + (list > + (shepherd-service > + (documentation "Run a krb5kdc daemon.") > + (provision '(krb5kdc)) > + (requirement '(user-processes)) > + (start #~(make-forkexec-constructor > + '(#$(file-append krb5 "/sbin/krb5kdc") "-n"))) > + (stop #~(make-kill-destructor)))) > + '()))) > + > > (define krb5-service-type > (service-type (name 'krb5) > (extensions > (list (service-extension etc-service-type > - krb5-etc-service))) > + krb5-etc-service) > + (service-extension activation-service-type > + krb5-activation) > + (service-extension shepherd-root-service-type > + krb5-shepherd-services))) > (description "Programs using a Kerberos client library > normally expect a configuration file in @file{/etc/krb5.conf}. This service > -generates such a file. It does not cause any daemon to be started."))) > +generates such a file and (optionally) a shepherd service to run a daemon."))) s/shepherd/Shepherd/ Otherwise, LGTM for this 8/8 commit only. Reviewed-by: Maxim Cournoyer -- Thanks, Maxim