xref: /freebsd/crypto/heimdal/lib/krb5/verify_krb5_conf.8 (revision 6a068746777241722b2b32c5d0bc443a2a64d80b)
1*ae771770SStanislav Sedov.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
2c19800e8SDoug Rabson.\" (Royal Institute of Technology, Stockholm, Sweden).
3c19800e8SDoug Rabson.\" All rights reserved.
45e9cd1aeSAssar Westerlund.\"
5c19800e8SDoug Rabson.\" Redistribution and use in source and binary forms, with or without
6c19800e8SDoug Rabson.\" modification, are permitted provided that the following conditions
7c19800e8SDoug Rabson.\" are met:
8c19800e8SDoug Rabson.\"
9c19800e8SDoug Rabson.\" 1. Redistributions of source code must retain the above copyright
10c19800e8SDoug Rabson.\"    notice, this list of conditions and the following disclaimer.
11c19800e8SDoug Rabson.\"
12c19800e8SDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright
13c19800e8SDoug Rabson.\"    notice, this list of conditions and the following disclaimer in the
14c19800e8SDoug Rabson.\"    documentation and/or other materials provided with the distribution.
15c19800e8SDoug Rabson.\"
16c19800e8SDoug Rabson.\" 3. Neither the name of the Institute nor the names of its contributors
17c19800e8SDoug Rabson.\"    may be used to endorse or promote products derived from this software
18c19800e8SDoug Rabson.\"    without specific prior written permission.
19c19800e8SDoug Rabson.\"
20c19800e8SDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21c19800e8SDoug Rabson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22c19800e8SDoug Rabson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23c19800e8SDoug Rabson.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24c19800e8SDoug Rabson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25c19800e8SDoug Rabson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26c19800e8SDoug Rabson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27c19800e8SDoug Rabson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28c19800e8SDoug Rabson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29c19800e8SDoug Rabson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30c19800e8SDoug Rabson.\" SUCH DAMAGE.
31c19800e8SDoug Rabson.\"
32*ae771770SStanislav Sedov.\" $Id$
33c19800e8SDoug Rabson.\"
34c19800e8SDoug Rabson.Dd December  8, 2004
355e9cd1aeSAssar Westerlund.Dt VERIFY_KRB5_CONF 8
365e9cd1aeSAssar Westerlund.Os HEIMDAL
375e9cd1aeSAssar Westerlund.Sh NAME
385e9cd1aeSAssar Westerlund.Nm verify_krb5_conf
394137ff4cSJacques Vidrine.Nd checks krb5.conf for obvious errors
405e9cd1aeSAssar Westerlund.Sh SYNOPSIS
415e9cd1aeSAssar Westerlund.Nm
425e9cd1aeSAssar Westerlund.Ar [config-file]
435e9cd1aeSAssar Westerlund.Sh DESCRIPTION
445e9cd1aeSAssar Westerlund.Nm
455e9cd1aeSAssar Westerlundreads the configuration file
465e9cd1aeSAssar Westerlund.Pa krb5.conf ,
475e9cd1aeSAssar Westerlundor the file given on the command line,
48*ae771770SStanislav Sedovparses it, checking verifying that the syntax is not correctly wrong.
494137ff4cSJacques Vidrine.Pp
504137ff4cSJacques VidrineIf the file is syntactically correct,
514137ff4cSJacques Vidrine.Nm
524137ff4cSJacques Vidrinetries to verify that the contents of the file is of relevant nature.
535e9cd1aeSAssar Westerlund.Sh ENVIRONMENT
545e9cd1aeSAssar Westerlund.Ev KRB5_CONFIG
555e9cd1aeSAssar Westerlundpoints to the configuration file to read.
565e9cd1aeSAssar Westerlund.Sh FILES
574137ff4cSJacques Vidrine.Bl -tag -width /etc/krb5.conf -compact
584137ff4cSJacques Vidrine.It Pa /etc/krb5.conf
594137ff4cSJacques VidrineKerberos 5 configuration file
604137ff4cSJacques Vidrine.El
61c19800e8SDoug Rabson.Sh DIAGNOSTICS
62c19800e8SDoug RabsonPossible output from
63c19800e8SDoug Rabson.Nm
64c19800e8SDoug Rabsoninclude:
65c19800e8SDoug Rabson.Bl -tag -width "FpathF"
66c19800e8SDoug Rabson.It "<path>: failed to parse <something> as size/time/number/boolean"
67c19800e8SDoug RabsonUsually means that <something> is misspelled, or that it contains
68c19800e8SDoug Rabsonweird characters. The parsing done by
69c19800e8SDoug Rabson.Nm
70c19800e8SDoug Rabsonis more strict than the one performed by libkrb5, so strings that
71c19800e8SDoug Rabsonwork in real life might be reported as bad.
72c19800e8SDoug Rabson.It "<path>: host not found (<hostname>)"
73c19800e8SDoug RabsonMeans that <path> is supposed to point to a host, but it can't be
74c19800e8SDoug Rabsonrecognised as one.
75c19800e8SDoug Rabson.It <path>: unknown or wrong type
76c19800e8SDoug RabsonMeans that <path> is either a string when it should be a list, vice
77c19800e8SDoug Rabsonversa, or just that
78c19800e8SDoug Rabson.Nm
79c19800e8SDoug Rabsonis confused.
80c19800e8SDoug Rabson.It <path>: unknown entry
81c19800e8SDoug RabsonMeans that <string> is not known by
82*ae771770SStanislav Sedov.Nm .
83c19800e8SDoug Rabson.El
845e9cd1aeSAssar Westerlund.Sh SEE ALSO
855e9cd1aeSAssar Westerlund.Xr krb5.conf 5
865e9cd1aeSAssar Westerlund.Sh BUGS
874137ff4cSJacques VidrineSince each application can put almost anything in the config file,
884137ff4cSJacques Vidrineit's hard to come up with a watertight verification process. Most of
894137ff4cSJacques Vidrinethe default settings are sanity checked, but this does not mean that
904137ff4cSJacques Vidrineevery problem is discovered, or that everything that is reported as a
914137ff4cSJacques Vidrinepossible problem actually is one. This tool should thus be used with
924137ff4cSJacques Vidrinesome care.
934137ff4cSJacques Vidrine.Pp
944137ff4cSJacques VidrineIt should warn about obsolete data, or bad practice, but currently
954137ff4cSJacques Vidrinedoesn't.
96