Fix kadmind

confskel/heimdal/kdc.conf

@@ -8,5 +8,6 @@
 
     database = {
         dbname = ldap:@@@REALM_DCNAME@@@
+        realm = @@@REALM_UCNAME@@@
         acl_file = /etc/heimdal-kdc/kadmind.acl
     }

src/ldapcontroller.cpp

@@ -325,6 +325,14 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
 	tqApp->processEvents();
 }
 
+int LDAPController::controlKAdminDaemon(sc_command command) {
+	if (command == SC_RESTART) {
+		// FIXME
+		// This assumes Debian!
+		return system("/etc/init.d/openbsd-inetd restart");
+	}
+}
+
 int LDAPController::controlSASLServer(sc_command command) {
 	if (command == SC_START) {
 		// FIXME
@@ -802,10 +810,11 @@ configTempDir.setAutoDelete(false);	// RAJA DEBUG ONLY FIXME
 	slapd_uid = pwd->pw_uid;
 	slapd_gid = pwd->pw_gid;
 
-// RAJA FIXME
-// SECURITY
-// The ldapi:/// socket in /var/run/ldap is world readable/writable
-// This means anyone with access to the server running LDAP can dump the KRB5 keys!!!!
+	// SECURITY
+	// Make sure that the ldapi:/// socket in /var/run/slapd/ldapi is NOT world readable/writable (technically the permissions are for the directory containing the ldapi socket)
+	// This would mean that anyone with access to the server running LDAP can dump the KRB5 keys!
+	// FIXME
+	// Can we do anything about this now?
 
 	// Base database configuration
 	replacePlaceholdersInFile(templateDir + "openldap/ldif/config.ldif", destDir + "ldap/slapd.d/" + TQString("cn=config.ldif"), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, -1, slapd_uid, slapd_gid);
@@ -966,6 +975,12 @@ configTempDir.setAutoDelete(false);	// RAJA DEBUG ONLY FIXME
 		pdialog.closeDialog();
 		return -1;
 	}
+	// Restart kadmind
+	if (controlKAdminDaemon(SC_RESTART) != 0) {
+		if (errstr) *errstr = i18n("Unable to restart Kerberos Administration Service");
+		pdialog.closeDialog();
+		return -1;
+	}
 
 	// Start SASL
 	if (controlSASLServer(SC_START) != 0) {

src/ldapcontroller.h

@@ -69,6 +69,7 @@ class LDAPController: public KCModule
 		void processLockouts();
 
 	private:
+		int controlKAdminDaemon(sc_command command);
 		int controlSASLServer(sc_command command);
 		int controlHeimdalServer(sc_command command, uid_t userid=-1, gid_t groupid=-1);
 		int controlLDAPServer(sc_command command, uid_t userid=-1, gid_t groupid=-1);

src/realmintropagedlg.ui

@@ -70,7 +70,8 @@
 			<property name="text">
 				<string>&lt;p&gt;This Wizard will help you create a new LDAP realm in three quick, easy steps.&lt;/p&gt;
 					&lt;p&gt;Please note that this Wizard will overwrite any existing LDAP realms and data.&lt;/p&gt;
-					&lt;p&gt;If you wish to quit the Wizard, click &lt;b&gt;Cancel&lt;/b&gt; at any time.&lt;/p&gt;</string>
+					&lt;p&gt;If you wish to quit the Wizard, click &lt;b&gt;Cancel&lt;/b&gt; at any time.&lt;/p&gt;
+					&lt;p&gt;&lt;b&gt;NOTE:&lt;/b&gt; Kerberos and LDAP rely heavily on proper DNS resolution in order to function correctly.  Therefore, you must have functional forward and reverse DNS entries for this system in order to complete this Wizard.&lt;/p&gt;</string>
 			</property>
 			<property name="textFormat">
 				<enum>RichText</enum>