NAME¶
verify_krb5_conf —
checks krb5.conf for
obvious errors
SYNOPSIS¶
verify_krb5_conf |
[config-file] |
DESCRIPTION¶
verify_krb5_conf reads the configuration file
krb5.conf, or the file given on the command line, parses it,
checking verifying that the syntax is not correctly wrong.
If the file is syntactically correct,
verify_krb5_conf tries
to verify that the contents of the file is of relevant nature.
ENVIRONMENT¶
KRB5_CONFIG
points to the configuration file to read.
FILES¶
- /etc/krb5.conf
- Kerberos 5 configuration file
DIAGNOSTICS¶
Possible output from
verify_krb5_conf include:
- <path>: failed to parse
<something> as size/time/number/boolean
- Usually means that <something> is misspelled, or that
it contains weird characters. The parsing done by
verify_krb5_conf is more strict than the one performed
by libkrb5, so strings that work in real life might be reported as
bad.
- <path>: host not found
(<hostname>)
- Means that <path> is supposed to point to a host, but
it can't be recognised as one.
- <path>: unknown or
wrong type
- Means that <path> is either a string when it should
be a list, vice versa, or just that verify_krb5_conf is
confused.
- <path>: unknown
entry
- Means that <string> is not known by
verify_krb5_conf.
SEE ALSO¶
krb5.conf(5)
BUGS¶
Since each application can put almost anything in the config file, it's hard to
come up with a watertight verification process. Most of the default settings
are sanity checked, but this does not mean that every problem is discovered,
or that everything that is reported as a possible problem actually is one.
This tool should thus be used with some care.
It should warn about obsolete data, or bad practice, but currently
doesn't.