#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# chkconfig:   - 41 59
# description: Kerberos 5 is a trusted third-party authentication system.  \
#	       This script starts and stops the Kerberos 5 administrative \
#              server, which should only be run on the master server for a \
#              realm.
# processname: kadmind
#

WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.
SourceIfNotEmpty /etc/sysconfig/network

LOCKFILE=/var/lock/subsys/kadmin
KDC_PATH=/var/lib/kerberos/krb5kdc
RETVAL=0


extract_keys()
{
    action $"Extracting kadm5 Service Keys: " \
	/usr/sbin/kadmin.local -q "ktadd\ -k\ ${KDC_PATH}/kadm5.keytab\ kadmin/admin\ kadmin/changepw"
}

start()
{
    is_yes "$NETWORKING" || return 0

    [ -f "$KDC_PATH/principal" ] || return 0
    [ ! -f "$KDC_PATH/kpropd.acl" ] || return 0

    [ -f "$KDC_PATH/kadm5.keytab" ] || extract_keys

    start_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

stop()
{
    stop_daemon --lockfile "$LOCKFILE" --expect-user root -- kadmind
    RETVAL=$?
    return $RETVAL
}

restart()
{
    stop
    start
}

reload()
{        
    msg_reloading kadmind
    stop_daemon --expect-user root -HUP -- kadmind
    RETVAL=$?
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
            start
            ;;
    stop)
            stop
            ;;
    reload)
            reload
            ;;
    restart)
            restart
            ;;
    condstop)
            if [ -e "$LOCKFILE" ]; then
                    stop
            fi
            ;;
    condrestart)
            if [ -e "$LOCKFILE" ]; then
                    restart
            fi
            ;;
    condreload)
            if [ -e "$LOCKFILE" ]; then
                    reload
            fi
            ;;
    status)
            status --expect-user root -- kadmind
            RETVAL=$?
            ;;
    *)
            msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
            RETVAL=1
esac

exit $RETVAL
