config file verification tool

Zhanna Tsitkova tsitkova at MIT.EDU
Fri Mar 12 10:50:42 EST 2010

I am afraid it would add both the undesirable complexity to the code  
and the additional overhead during the run-time.
The main purpose of this validator tool is to avoid  both of these  


On Mar 5, 2010, at 6:25 AM, Mark Phalan wrote:

> On 02/24/10 02:44 PM, Zhanna Tsitkova wrote:
>> Hello, A new kerberos configuration file validation tool is now
>> checked-in under src/util/confvalidator/
>> First, the configuration file is parsed ( and validated
>> against formating errors (such as mismatching brackets) Then the list
>> of the allowed configuration attributes is compiled from k5-int.h (
>> based on KRB5_CONF_xxx macros in 1.8 ) and rules.yml ("Attributes:"
>> section) Finally, the kerberos configuration file is validated
>> against this list of the allowed strings. If the error, or something
>> that validator does not understand, is found then the warning is
>> issued in the tree-like form indicating the layer where the problem
>> has occurred.
>> Your comments/feedback will be very much appreciated.
> Sounds great. It would be nice if some of this functionality could be
> included in libkrb5 itself so that a more detailed error message could
> be generated on a krb5.conf parse error.
> Any plans to do that?
> Thanks,
> -M
> _______________________________________________
> krbdev mailing list             krbdev at

Zhanna Tsitkova
tsitkova at

More information about the krbdev mailing list