[pkgsrc/trunk]: pkgsrc/security/kstart kstart: update to 4.2

[markd <markd%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/41ee81a0cece
branches:  trunk
changeset: 432437:41ee81a0cece
user:      markd <markd%pkgsrc.org@localhost>
date:      Fri May 22 05:27:06 2020 +0000

description:
kstart: update to 4.2

k5start, when run with the -K option to run as a daemon, no longer exits if
the initial authentication fails (unless -x was given). Instead, it reports
the error to standard error and then continues to run, attempting authentication
every minute as if authentication had failed after it had started.

For both k5start with a command or -K and no -x flag, and krenew with the -i
flag, repeatedly retry the initial authentication. The first retry will be
immediate, and then the commands will keep trying with exponential backoff to
one minute intervals, and then continuously at one minute intervals until the
command is killed or authentication succeeds. k5start and krenew will no longer
start any other command until the initial authentication succeeds, fixing
startup behavior when running a command that must have valid Kerberos tickets
immediately on start.

Clean up the temporary ticket cache on k5start failure if -o, -g, or -m were
given.

The -H flag to k5start or krenew may now be used in conjunction with -K and
controls whether the ticket is renewed when the command wakes up. Normally,
the ticket will be renewed if it will expire sooner than two minutes after the
next time the command will wake up. If -H is specified, its value replaces the
default value of two minutes.

Add a new -a option to both k5start and krenew that, when used with -K, tells
those programs to refresh tickets every time they wake up. This is useful with
-t to ensure that the AFS token renewal program is always run, even if something
else renews the ticket cache before k5start or krenew wake up. It also provides
more predictable ticket refresh behavior. This probably should have been the
default with -K from the beginning, but the default wasn't changed to keep
backward compatibility. Consider always using -a with -K.

Fix k5start and krenew to not incorrectly reject the -b flag in conjunction
with -K or a command.

diffstat:

 security/kstart/Makefile |   4 ++--
 security/kstart/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 91faf07af787 -r 41ee81a0cece security/kstart/Makefile
--- a/security/kstart/Makefile  Fri May 22 05:14:28 2020 +0000
+++ b/security/kstart/Makefile  Fri May 22 05:27:06 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2017/08/16 20:21:14 wiz Exp $
+# $NetBSD: Makefile,v 1.5 2020/05/22 05:27:06 markd Exp $
 
-DISTNAME=      kstart-4.1
+DISTNAME=      kstart-4.2
 CATEGORIES=    sysutils
 MASTER_SITES=  http://archives.eyrie.org/software/kerberos/
 
diff -r 91faf07af787 -r 41ee81a0cece security/kstart/distinfo
--- a/security/kstart/distinfo  Fri May 22 05:14:28 2020 +0000
+++ b/security/kstart/distinfo  Fri May 22 05:27:06 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.3 2015/11/04 01:17:47 agc Exp $
+$NetBSD: distinfo,v 1.4 2020/05/22 05:27:06 markd Exp $
 
-SHA1 (kstart-4.1.tar.gz) = 09d0a5186d68f6f7d59340d40a79f27b5489d891
-RMD160 (kstart-4.1.tar.gz) = 6cfb50a9155e00eebea04f0cb0051a7a08027f2f
-SHA512 (kstart-4.1.tar.gz) = 74a8a3f2c8d2c95f166f5861fb05a2d659a31db3165e27e81e5cf216bde44809d937ebc00995f89fa3b9df68609e3081303eb30742f5c4d90151b1410f0bd3cc
-Size (kstart-4.1.tar.gz) = 269215 bytes
+SHA1 (kstart-4.2.tar.gz) = 09c114e1a78a2ab348741cf1b8ce3327d5a8e9fd
+RMD160 (kstart-4.2.tar.gz) = b41b66f148efbfe674d72af3077f961aea3b6682
+SHA512 (kstart-4.2.tar.gz) = 7ce9c1f964c0d469b4b8a5de88ae83186e99116959941c4e7f69c59165d0c22aac432ac26dd5fe54f7c2f725048bb55b787107aea8408e2fd6c9ad02dcb31552
+Size (kstart-4.2.tar.gz) = 296651 bytes