Proposed lexer for parsing krb5.conf files

Jeffrey Altman jaltman at MIT.EDU
Tue Nov 22 11:22:53 EST 2005


Wyllys Ingersoll wrote:

> I think it is worth some more thought and investigation; there are
> definite benefits in developing an XML schema for the config data and
> I don't think it would be all that difficult as compared to rewriting
> the current profile parsing code.
> 
> -Wyllys

I don't think you grasp the scope of the problem.   Kerberos is not
a library that you replace and suddenly all of the applications that
use the krb5.conf file become updated.   The Kerberos world is one in
which there are multiple stacks from multiple vendors on the same
machine.  Sometimes they are dynamic libraries and sometimes the
libraries are static.

On a typical Solaris box you will find Sun's distribution in C plus
one of the Java variants.  You might also find an MIT and/or Heimdal
distribution because someone wanted to build/deploy an application
that requires raw krb5 APIs.

It is not acceptable for an upgrade of one krb5 library to suddenly
start breaking others.   Part of the reason we need to re-write the
profile library is to make the writing of profile data back to the
krb5.conf file occur in a more consistent manner.  In particular, if
entries in [capaths] are ordered in a certain way, reading and writing
the profile should not change that order.   While fixing these problems
we are also going to fix some of the parsing issues that have annoyed
people over the years.

Now, it may be the case that someone wants to develop multiple backends
for the profile files.  We currently have "FILE:" and someone might
want to develop "XML:" or "REGISTRY:" (for Windows).   However, if the
library sees a traditional krb5.conf it must use it in the existing
format and it cannot change that format.  Doing so would break
interoperability.

Jeffrey Altman
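
The ordering requirement for [capaths] described in the message above, as an added example that is not part of the original message and is not MIT's profile library code. It assumes a simplified grammar (section headers, "key = value" relations and brace subsections only; comments are dropped, include directives and final "*" markers are not handled), and the realm names are constructed placeholders.

```python
# Added illustration: order-preserving read/write of a krb5.conf-style profile.
SAMPLE = """\
[capaths]
    A.EXAMPLE = {
        C.EXAMPLE = B2.EXAMPLE
        C.EXAMPLE = B1.EXAMPLE
        B2.EXAMPLE = .
    }
[libdefaults]
    default_realm = A.EXAMPLE
"""  # constructed sample; a repeated key lists intermediate realms in order

def parse(text):
    """Return [(section, relations)]; relations are ordered (key, str-or-list) pairs."""
    sections, stack = [], []  # stack[-1] is the list receiving the next relation
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # comments are not preserved in this sketch
        if line.startswith("[") and line.endswith("]") and len(stack) < 2:
            sections.append((line[1:-1], []))
            stack = [sections[-1][1]]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        else:
            key, sep, value = (p.strip() for p in line.partition("="))
            if not stack or not sep or not key:
                raise ValueError(f"line {lineno}: cannot parse {line!r}")
            # Lists, not dicts: a dict would merge the two C.EXAMPLE entries.
            node = [] if value == "{" else value
            stack[-1].append((key, node))
            if value == "{":
                stack.append(node)
    if len(stack) > 1:
        raise ValueError("unterminated subsection")
    return sections

def dump(sections, pad="    "):  # writes relations in exactly the stored order
    out = []
    def emit(relations, depth):
        for key, value in relations:
            nested = isinstance(value, list)
            out.append(f"{pad * depth}{key} = " + ("{" if nested else value))
            if nested:
                emit(value, depth + 1)
                out.append(pad * depth + "}")
    for name, relations in sections:
        out.append(f"[{name}]")
        emit(relations, 1)
    return "\n".join(out) + "\n"
```

Editing one section and writing the file back leaves the [capaths] text byte-for-byte unchanged, which is what lets other Kerberos stacks on the same machine keep reading the same file.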


