config file verification tool

Ken Raeburn raeburn at MIT.EDU
Fri Mar 12 12:11:01 EST 2010

On Mar 12, 2010, at 11:04, Mark Phalan wrote:
> I haven't actually taken a close look at your tool yet but I was hoping 
> that some of your work could be leveraged to make libkrb5 print better 
> error messages. It seems to me that it should be possible to provide 
> better validation within libkrb5 without adding unbearable overhead or 
> complexity.

It shouldn't be too hard right now to make code that notices a missing required config-file entry use the enhanced error-message interfaces to indicate what field was missing, at least when using an API that keeps a krb5_context around.  The libraries need to change to report the name of the missing entry, and the application code needs to use the right routines to extract the error message.

But a separate validation tool can flag things like unrecognized entries (which may be typos for something the admin meant to set, but may just be for third-party apps, or may be for a parallel Heimdal installation on the machine, or ...), which by themselves aren't errors and probably shouldn't be flagged by the library in normal operation.


More information about the krbdev mailing list