diff -Nru nss-pam-ldapd-0.8.10/debian/changelog nss-pam-ldapd-0.8.10/debian/changelog
--- nss-pam-ldapd-0.8.10/debian/changelog	2012-06-29 03:29:18.000000000 -0700
+++ nss-pam-ldapd-0.8.10/debian/changelog	2012-07-04 13:30:48.000000000 -0700
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.8.10-1ubuntu1) quantal; urgency=low
+
+  * Upstart init scripts
+  * Added Kerberos-related packages to nslcd package suggestions
+  * Fixed typo in nslcd configuration script
+
+ -- Caleb Callaway <enlightened.despot@gmail.com>  Wed, 04 Jul 2012 13:29:11 -0700
+
 nss-pam-ldapd (0.8.10-1) unstable; urgency=low
 
   * New upstream release:
diff -Nru nss-pam-ldapd-0.8.10/debian/control nss-pam-ldapd-0.8.10/debian/control
--- nss-pam-ldapd-0.8.10/debian/control	2012-03-26 11:20:25.000000000 -0700
+++ nss-pam-ldapd-0.8.10/debian/control	2012-07-04 13:14:36.000000000 -0700
@@ -14,7 +14,7 @@
 Multi-Arch: foreign
 Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
 Recommends: nscd, libnss-ldapd | libnss-ldap, libpam-ldapd | libpam-ldap | libpam-krb5 | libpam-heimdal | libpam-sss, ldap-utils, bind9-host | host
-Suggests: kstart
+Suggests: kstart, krb5-user | heimdal-clients, libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
 Replaces: libnss-ldapd (<< 0.7.0)
 Breaks: libnss-ldapd (<< 0.7.0)
 Description: Daemon for NSS and PAM lookups using LDAP
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.config nss-pam-ldapd-0.8.10/debian/nslcd.config
--- nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-05-09 13:56:09.000000000 -0700
+++ nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-07-04 13:27:39.000000000 -0700
@@ -14,7 +14,7 @@
 db_capb backup
 
 #
-# This is the fist part of the script. In this part an attempt
+# This is the first part of the script. In this part an attempt
 # is made to get or guess the current configuration. This information
 # is used later on to prompt the user and to provide a sensible
 # default.
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.init nss-pam-ldapd-0.8.10/debian/nslcd.init
--- nss-pam-ldapd-0.8.10/debian/nslcd.init	2012-02-04 05:48:36.000000000 -0800
+++ nss-pam-ldapd-0.8.10/debian/nslcd.init	1969-12-31 16:00:00.000000000 -0800
@@ -1,176 +0,0 @@
-#! /bin/sh
-
-# /etc/init.d/nslcd script for starting and stopping nslcd
-# Copyright (C) 2006 West Consulting
-# Copyright (C) 2006, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301 USA
-
-### BEGIN INIT INFO
-# Provides:          nslcd
-# Required-Start:    $remote_fs $syslog
-# Required-Stop:     $remote_fs $syslog
-# Should-Start:      $named slapd
-# X-Start-Before:    $mail-transport-agent mail-transport-agent exim4 sendmail nullmailer masqmail citadel cron atd autofs am-utils apache2 slim wdm gdm3 xdm kdm
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: LDAP connection daemon
-# Description:       nslcd is a LDAP connection daemon that is used to
-#                    do LDAP queries for the NSS and PAM modules.
-### END INIT INFO
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-NSLCD_BIN=/usr/sbin/nslcd
-NSLCD_DESC="LDAP connection daemon"
-NSLCD_CFG=/etc/nslcd.conf
-NSLCD_STATEDIR=/var/run/nslcd
-NSLCD_PIDFILE=$NSLCD_STATEDIR/nslcd.pid
-
-[ -x "$NSLCD_BIN" ] || exit 0
-[ -f "$NSLCD_CFG" ] || exit 0
-
-. /lib/lsb/init-functions
-
-# default options for k5start
-K5START_BIN=/usr/bin/k5start
-K5START_DESC="Keep alive Kerberos ticket"
-K5START_START=""
-K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
-K5START_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
-K5START_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
-K5START_MODE=600
-K5START_KEYTAB=/etc/krb5.keytab
-K5START_CCREFRESH=60
-K5START_PRINCIPAL="host/$(hostname -f)"
-K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG)
-
-# check if we should use k5start by default (sasl_mech should be GSSAPI and
-# krb5_ccname should be found)
-if [ -x "$K5START_BIN" ] && \
-   grep -q '^sasl_mech[[:space:]]*GSSAPI[[:space:]]*$' $NSLCD_CFG && \
-   [ -n "$K5START_CCFILE" ]
-then
-  K5START_START="yes"
-fi
-
-# read defaults
-[ -f /etc/default/nslcd ] && . /etc/default/nslcd
-
-k5start_start()
-{
-  if [ "$K5START_START" = "yes" ]
-  then
-    log_daemon_msg "Starting $K5START_DESC" "k5start"
-    start-stop-daemon --start \
-                      --pidfile $K5START_PIDFILE \
-                      --exec $K5START_BIN -- \
-                      -b -p $K5START_PIDFILE \
-                      -o $K5START_USER \
-                      -g $K5START_GROUP \
-                      -m $K5START_MODE \
-                      -f $K5START_KEYTAB \
-                      -K $K5START_CCREFRESH \
-                      -u $K5START_PRINCIPAL \
-                      -k $K5START_CCFILE
-    log_end_msg $?
-  fi
-}
-
-k5start_stop()
-{
-  if [ "$K5START_START" = "yes" ]
-  then
-    log_daemon_msg "Stopping $K5START_DESC" "k5start"
-    start-stop-daemon --stop --oknodo --pidfile $K5START_PIDFILE
-    log_end_msg $?
-    # remove any left behind files
-    [ -n "$K5START_PIDFILE" ] && rm -f $K5START_PIDFILE
-    [ -n "$K5START_CCFILE" ] && rm -f $K5START_CCFILE
-  fi
-}
-
-k5start_status()
-{
-  if [ "$K5START_START" = "yes" ]
-  then
-    status_of_proc -p "$K5START_PIDFILE" "$K5START_BIN" "k5start"
-  fi
-}
-
-case "$1" in
-start)
-  # set up state directory
-  [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
-                                chown nslcd:nslcd "$NSLCD_STATEDIR" )
-  # start k5start if needed
-  k5start_start
-  # start nslcd
-  log_daemon_msg "Starting $NSLCD_DESC" "nslcd"
-  start-stop-daemon --start --oknodo \
-                    --pidfile $NSLCD_PIDFILE \
-                    --startas $NSLCD_BIN
-  log_end_msg $?
-  ;;
-stop)
-  # stop nslcd
-  log_daemon_msg "Stopping $NSLCD_DESC" "nslcd"
-  start-stop-daemon --stop --oknodo \
-                    --pidfile $NSLCD_PIDFILE \
-                    --name nslcd
-  log_end_msg $?
-  [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
-  # stop k5start
-  k5start_stop
-  ;;
-restart|force-reload)
-  [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
-                                chown nslcd:nslcd "$NSLCD_STATEDIR" )
-  log_daemon_msg "Restarting $NSLCD_DESC" "nslcd"
-  start-stop-daemon --stop --quiet --retry 10 \
-                    --pidfile $NSLCD_PIDFILE \
-                    --name nslcd
-  [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
-  k5start_stop
-  k5start_start
-  start-stop-daemon --start \
-                    --pidfile $NSLCD_PIDFILE \
-                    --startas $NSLCD_BIN
-  log_end_msg $?
-  ;;
-status)
-  if [ -f "$NSLCD_PIDFILE" ]
-  then
-    if $NSLCD_BIN --check
-    then
-      log_success_msg "nslcd running (pid `cat $NSLCD_PIDFILE`)"
-      exit 0
-    else
-      log_success_msg "nslcd stopped"
-      exit 1
-    fi
-  else
-    log_success_msg "nslcd stopped"
-    exit 3
-  fi
-  k5start_status
-  ;;
-*)
-  log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
-  exit 1
-  ;;
-esac
-
-exit 0
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-kerberos.upstart nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-kerberos.upstart
--- nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-kerberos.upstart	1969-12-31 16:00:00.000000000 -0800
+++ nss-pam-ldapd-0.8.10/debian/nslcd.nslcd-kerberos.upstart	2012-07-04 12:44:44.000000000 -0700
@@ -0,0 +1,128 @@
+# nslcd-k5start - Maintain a Kerberos ticket cache for nslcd
+# Adapted from the System V nslcd init script
+
+description	"Maintain a Kerberos ticket cache for nslcd"
+author "Caleb Callaway <enlightened.despot@gmail.com>"
+
+start on starting nslcd
+stop on stopping nslcd
+
+env PATH=/bin:/usr/bin:/sbin:/usr/sbin
+env NSLCD_CFG=/etc/nslcd.conf
+
+env KINIT_BIN=/usr/bin/kinit
+env K5START_BIN=/usr/bin/k5start
+env K5START_DESC="Kerberos cache maintainer for nslcd"
+
+env NSLCD_USER=nslcd
+env NSLCD_GROUP=nslcd
+env NSLCD_STATEDIR=/var/run/nslcd
+
+env K5START_MODE=600
+env K5START_KEYTAB=/etc/krb5.keytab
+env K5START_CCREFRESH=60
+env K5START_LOGFILE="/tmp/nslcd-k5start.log"
+
+pre-start script
+	echo "Starting nslcd-kerberos..." >> $K5START_LOGFILE
+	
+	do_init() {
+		#make sure we have a state directory
+		[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
+					    chown $NSLCD_USER:$NSLCD_GROUP "$NSLCD_STATEDIR" )
+
+		echo "Initializing credentials cache..."  >> $K5START_LOGFILE
+		echo "Init command: \"/usr/bin/kinit -V -c $K5START_CCFILE -k -t $K5START_KEYTAB $K5START_PRINCIPAL\"" >> $K5START_LOGFILE
+
+		#make sure we have a credentials cache before nslcd starts.
+		/usr/bin/kinit -V -c $K5START_CCFILE -k -t $K5START_KEYTAB $K5START_PRINCIPAL 1>>$K5START_LOGFILE 2>>$K5START_LOGFILE
+	}
+
+	if [ ! -f "$NSLCD_CFG" ]
+	then
+		echo "Startup aborted (nslcd configuration file missing)." >> $K5START_LOGFILE
+		exit 1
+	fi
+
+	#upstart's env stanza doesn't do expansion, so we do it here
+	NSLCD_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+	NSLCD_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+
+	K5START_PRINCIPAL="host/$(hostname -f)"
+	K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG)
+	K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
+
+	if [ -e /etc/default/nslcd ]
+	then
+		. /etc/default/nslcd
+	fi
+
+	#run k5start if forced to do so by the defaults file
+	if [ "$K5START_START" = "yes" ]
+	then
+		echo "Startup forced by K5START_START variable." >> $K5START_LOGFILE
+		do_init
+	elif [ ! -x "$KINIT_BIN" ]
+	then
+		echo "Startup aborted (kinit not found)." >> $K5START_LOGFILE
+		exit 1
+	elif [ ! -x "$K5START_BIN" ]
+	then
+		echo "Startup aborted (k5start not found)." >> $K5START_LOGFILE
+		exit 1
+	elif ! grep -q '^sasl_mech[[:space:]]*GSSAPI[[:space:]]*$' $NSLCD_CFG
+	then
+		echo "Startup aborted (GSSAPI mechanism not specified in configuration file)." >> $K5START_LOGFILE
+		exit 1
+	elif [ -z "$K5START_CCFILE" ]
+	then
+		echo "Startup aborted (Kerberos credentials cache location not specified or not a file-type ticket cache)." >> $K5START_LOGFILE
+		exit 1
+	else
+		do_init
+	fi
+end script
+
+script
+	#upstart's env stanza doesn't do expansion, so we do it here
+	NSLCD_STATEDIR=/var/run/nslcd
+	K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
+
+	NSLCD_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+	NSLCD_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+
+	K5START_PRINCIPAL="host/$(hostname -f)"
+	K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG)
+
+	if [ -e /etc/default/nslcd ]
+	then
+		. /etc/default/nslcd
+	fi
+
+	echo "Starting k5start daemon..." >> $K5START_LOGFILE
+	echo "Command: \"$K5START_BIN -L -p $K5START_PIDFILE -o $NSLCD_USER -g $NSLCD_GROUP -m $K5START_MODE -f $K5START_KEYTAB -K $K5START_CCREFRESH -u $K5START_PRINCIPAL -k $K5START_CCFILE\"" >> $K5START_LOGFILE
+
+	$K5START_BIN -L -p $K5START_PIDFILE -o $NSLCD_USER -g $NSLCD_GROUP -m $K5START_MODE -f $K5START_KEYTAB -K $K5START_CCREFRESH -u $K5START_PRINCIPAL -k $K5START_CCFILE
+end script
+
+post-stop script
+	#upstart's env stanza doesn't do expansion, so we do it here
+	K5START_PIDFILE=$NSLCD_STATEDIR/k5start_nslcd.pid
+	K5START_CCFILE=$(sed -n 's/^krb5_ccname[[:space:]]*\(FILE:\)\?\([^:[:space:]]*\)[[:space:]]*$/\2/ip' $NSLCD_CFG)
+
+        if [ -e /etc/default/nslcd ]
+        then
+        	. /etc/default/nslcd
+        fi
+
+	if [ -e "$K5START_PIDFILE" ]
+	then
+		rm -f $K5START_PIDFILE
+	fi
+	if [ -e "$K5START_CCFILE" ]
+	then
+		rm -f $K5START_CCFILE
+	fi
+
+	echo "nslcd-kerberos stopped." >> $K5START_LOGFILE
+end script
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.upstart nss-pam-ldapd-0.8.10/debian/nslcd.upstart
--- nss-pam-ldapd-0.8.10/debian/nslcd.upstart	1969-12-31 16:00:00.000000000 -0800
+++ nss-pam-ldapd-0.8.10/debian/nslcd.upstart	2012-07-04 11:51:53.000000000 -0700
@@ -0,0 +1,82 @@
+# nslcd - LDAP connection daemon
+#
+# nslcd is a daemon that is used to do LDAP queries
+# for NSS and PAM modules.
+#
+# Adapted from the System V nslcd init script 
+# and http://ubuntuforums.org/showthread.php?t=1335022
+
+description "LDAP connection daemon"
+author "Caleb Callaway <enlightened.despot@gmail.com>"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [!2345]
+
+expect fork
+respawn
+
+env PATH=/bin:/usr/bin:/sbin:/usr/sbin
+env NSLCD_BIN=/usr/sbin/nslcd
+env NSLCD_DESC="LDAP connection daemon"
+env NSLCD_CFG=/etc/nslcd.conf
+env NSLCD_LOGFILE="/tmp/nslcd.log"
+
+env NSLCD_USER=nslcd
+env NSLCD_GROUP=nslcd
+env NSLCD_STATEDIR=/var/run/nslcd
+
+pre-start script
+	date >> $NSLCD_LOGFILE
+	echo "Starting nslcd..." >> $NSLCD_LOGFILE
+	
+	if [ ! -x "$NSLCD_BIN" ]
+	then
+		echo "Startup aborted (nslcd binary $NSLCD_BIN not found)." >> $NSLCD_LOGFILE
+		exit 1
+	fi
+
+	#upstart's env stanza doesn't do expansion, so we do it here
+	NSLCD_USER=$(sed -n 's/^uid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+	NSLCD_GROUP=$(sed -n 's/^gid[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' $NSLCD_CFG)
+
+	if [ -e /etc/default/nslcd ]
+	then
+		. /etc/default/nslcd
+	fi
+
+	#make sure we have a state directory
+	[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
+			            chown $NSLCD_USER:$NSLCD_GROUP "$NSLCD_STATEDIR" )
+end script
+
+script
+	if [ -e /etc/default/nslcd ]
+	then
+		. /etc/default/nslcd
+	fi
+
+	# start nslcd
+	echo "Starting $NSLCD_DESC nslcd" > $NSLCD_LOGFILE
+end script
+
+exec $NSLCD_BIN
+
+post-start script
+	if [ -e /etc/init.d/nscd ];
+	then
+		#/etc/init.d/nscd restart
+        	for table in passwd group hosts ; do
+                	/usr/sbin/nscd --invalidate $table
+	fi
+	echo "nslcd started." > $NSLCD_LOGFILE
+end script
+
+post-stop script
+	if [ -e /etc/init.d/nscd ];
+	then
+		/etc/init.d/nscd stop
+	fi
+
+	date >> $NSLCD_LOGFILE
+	echo "nslcd stopped." >> $NSLCD_LOGFILE
+end script
diff -Nru nss-pam-ldapd-0.8.10/debian/rules nss-pam-ldapd-0.8.10/debian/rules
--- nss-pam-ldapd-0.8.10/debian/rules	2012-01-20 08:05:16.000000000 -0800
+++ nss-pam-ldapd-0.8.10/debian/rules	2012-07-02 20:53:54.000000000 -0700
@@ -24,4 +24,5 @@
 
 # ensure that nslcd is not down during upgrades
 override_dh_installinit:
-	dh_installinit --restart-after-upgrade
+	dh_installinit --name=nslcd-kerberos --upstart-only --noscripts
+	dh_installinit --name=nslcd --upstart-only --noscripts --restart-after-upgrade