xref: /freebsd/crypto/heimdal/lib/krb5/verify_krb5_conf.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" $Id: verify_krb5_conf.8,v 1.7 2002/08/20 17:07:28 joda Exp $
2.\"
3.Dd August 30, 2001
4.Dt VERIFY_KRB5_CONF 8
5.Os HEIMDAL
6.Sh NAME
7.Nm verify_krb5_conf
8.Nd checks krb5.conf for obvious errors
9.Sh SYNOPSIS
10.Nm
11.Ar [config-file]
12.Sh DESCRIPTION
13.Nm
14reads the configuration file
15.Pa krb5.conf ,
16or the file given on the command line,
17and parses it, thereby verifying that the syntax is not correctly wrong.
18.Pp
19If the file is syntactically correct,
20.Nm
21tries to verify that the contents of the file is of relevant nature.
22.Sh DIAGNOSTICS
23Possible output from
24.Nm
25include:
26.Bl -tag -width "<path>"
27.It "<path>: failed to parse <something> as size/time/number/boolean"
28Usually means that <something> is misspelled, or that it contains
29weird characters. The parsing done by
30.Nm
31is more strict than the one performed by libkrb5, and so strings that
32work in real life, might be reported as bad.
33.It "<path>: host not found (<hostname>)"
34Means that <path> is supposed to point to a host, but it can't be
35recognised as one.
36.It <path>: unknown or wrong type
37Means that <path> is either is a string when it should be a list, vice
38versa, or just that
39.Nm
40is confused.
41.It <path>: unknown entry
42Means that <string> is not known by
43.Nm "" .
44.El
45.Sh ENVIRONMENT
46.Ev KRB5_CONFIG
47points to the configuration file to read.
48.Sh FILES
49.Bl -tag -width /etc/krb5.conf -compact
50.It Pa /etc/krb5.conf
51Kerberos 5 configuration file
52.El
53.Sh SEE ALSO
54.Xr krb5.conf 5
55.Sh BUGS
56Since each application can put almost anything in the config file,
57it's hard to come up with a water tight verification process. Most of
58the default settings are sanity checked, but this does not mean that
59every problem is discovered, or that everything that is reported as a
60possible problem actually is one. This tool should thus be used with
61some care.
62.Pp
63It should warn about obsolete data, or bad practice, but currently
64doesn't.
65