VERIFY_KRB5_CONF(8) BSD System Manager's Manual VERIFY_KRB5_CONF(8) NNAAMMEE vveerriiffyy__kkrrbb55__ccoonnff -- checks krb5.conf for obvious errors SSYYNNOOPPSSIISS vveerriiffyy__kkrrbb55__ccoonnff _[_c_o_n_f_i_g_-_f_i_l_e_] DDEESSCCRRIIPPTTIIOONN vveerriiffyy__kkrrbb55__ccoonnff reads the configuration file _k_r_b_5_._c_o_n_f, or the file given on the command line, parses it, checking verifying that the syntax is not correctly wrong. If the file is syntactically correct, vveerriiffyy__kkrrbb55__ccoonnff tries to verify that the contents of the file is of relevant nature. EENNVVIIRROONNMMEENNTT KRB5_CONFIG points to the configuration file to read. FFIILLEESS /etc/krb5.conf Kerberos 5 configuration file DDIIAAGGNNOOSSTTIICCSS Possible output from vveerriiffyy__kkrrbb55__ccoonnff include: : failed to parse as size/time/number/boolean Usually means that is misspelled, or that it contains weird characters. The parsing done by vveerriiffyy__kkrrbb55__ccoonnff is more strict than the one performed by libkrb5, so strings that work in real life might be reported as bad. : host not found () Means that is supposed to point to a host, but it can't be recognised as one. : unknown or wrong type Means that is either a string when it should be a list, vice versa, or just that vveerriiffyy__kkrrbb55__ccoonnff is confused. : unknown entry Means that is not known by vveerriiffyy__kkrrbb55__ccoonnff. SSEEEE AALLSSOO krb5.conf(5) BBUUGGSS Since each application can put almost anything in the config file, it's hard to come up with a watertight verification process. Most of the default settings are sanity checked, but this does not mean that every problem is discovered, or that everything that is reported as a possible problem actually is one. This tool should thus be used with some care. It should warn about obsolete data, or bad practice, but currently doesn't. HEIMDAL December 8, 2004 HEIMDAL