Diffstat (limited to 'src/ldapcontroller.cpp')
-rw-r--r-- | src/ldapcontroller.cpp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 3d679a0..67fde9a 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -325,6 +325,14 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
 tqApp->processEvents();
 }
+int LDAPController::controlKAdminDaemon(sc_command command) {
+ if (command == SC_RESTART) {
+ // FIXME
+ // This assumes Debian!
+ return system("/etc/init.d/openbsd-inetd restart");
+ }
+}
+
 int LDAPController::controlSASLServer(sc_command command) {
 if (command == SC_START) {
 // FIXME
@@ -802,10 +810,11 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 slapd_uid = pwd->pw_uid;
 slapd_gid = pwd->pw_gid;
-// RAJA FIXME
-// SECURITY
-// The ldapi:/// socket in /var/run/ldap is world readable/writable
-// This means anyone with access to the server running LDAP can dump the KRB5 keys!!!!
+ // SECURITY
+ // Make sure that the ldapi:/// socket in /var/run/slapd/ldapi is NOT world readable/writable (technically the permissions are for the directory containing the ldapi socket)
+ // This would mean that anyone with access to the server running LDAP can dump the KRB5 keys!
+ // FIXME
+ // Can we do anything about this now?
 // Base database configuration
 replacePlaceholdersInFile(templateDir + "openldap/ldif/config.ldif", destDir + "ldap/slapd.d/" + TQString("cn=config.ldif"), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, -1, slapd_uid, slapd_gid);
@@ -966,6 +975,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
 pdialog.closeDialog();
 return -1;
 }
+ // Restart kadmind
+ if (controlKAdminDaemon(SC_RESTART) != 0) {
+ if (errstr) *errstr = i18n("Unable to restart Kerberos Administration Service");
+ pdialog.closeDialog();
+ return -1;
+ }
 // Start SASL
 if (controlSASLServer(SC_START) != 0) {
|
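Review bot: controlKAdminDaemon() has no return statement when `command` is anything other than SC_RESTART, so control falls off the end of a non-void function, which is undefined behaviour in C++; the caller added in the third hunk compares the result with 0. Add an explicit failure return after the `if`, for example `return -1;`, adjusted to whatever convention controlSASLServer uses (its body is outside the hunk). The restart also goes through system(), which hands the string to the shell with the process's inherited environment and returns a wait status rather than the script's exit code. If this code runs with elevated privileges, as the init-script call suggests, executing the script directly with a fixed argument list and decoding the status with `WEXITSTATUS` would be tighter. The `// This assumes Debian!` comment could also say that kadmind is assumed to be launched from openbsd-inetd, since that is why an inetd restart is used here.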
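Review bot: The rewritten SECURITY comment in the second hunk states a requirement that nothing in the visible code enforces or checks, and it leaves the question as an open FIXME. Since slapd_uid and slapd_gid are looked up just above, the setup could verify the directory that holds the ldapi socket and fail through *errstr when any permission bit for "other" is set, e.g. `if (stat(LDAPI_DIR, &st) == 0 && (st.st_mode & S_IRWXO)) { /* set *errstr, close dialog, return -1 */ }`, where LDAPI_DIR is a placeholder for the real path. Whether that directory already exists at this point of the setup is not visible here (the enclosing function starts and ends outside the hunk), so the check may belong after slapd has first been started. The comment should also name the expected owner and mode, so that "NOT world readable/writable" is something an administrator can verify.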