config file verification tool

Mark Phalan Mark.Phalan at
Fri Mar 5 06:25:44 EST 2010

On 02/24/10 02:44 PM, Zhanna Tsitkova wrote:
> Hello, A new kerberos configuration file validation tool is now
> checked-in under src/util/confvalidator/
> First, the configuration file is parsed ( and validated
> against formating errors (such as mismatching brackets) Then the list
> of the allowed configuration attributes is compiled from k5-int.h (
> based on KRB5_CONF_xxx macros in 1.8 ) and rules.yml ("Attributes:"
> section) Finally, the kerberos configuration file is validated
> against this list of the allowed strings. If the error, or something
> that validator does not understand, is found then the warning is
> issued in the tree-like form indicating the layer where the problem
> has occurred.
> Your comments/feedback will be very much appreciated.

Sounds great. It would be nice if some of this functionality could be 
included in libkrb5 itself so that a more detailed error message could 
be generated on a krb5.conf parse error.
Any plans to do that?



More information about the krbdev mailing list