xref: /freebsd/crypto/heimdal/lib/krb5/verify_krb5_conf.8 (revision 59e2ff550c448126b988150ce800cdf73bb5103e)
1.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id$
33.\"
34.Dd December  8, 2004
35.Dt VERIFY_KRB5_CONF 8
36.Os HEIMDAL
37.Sh NAME
38.Nm verify_krb5_conf
39.Nd checks krb5.conf for obvious errors
40.Sh SYNOPSIS
41.Nm
42.Ar [config-file]
43.Sh DESCRIPTION
44.Nm
45reads the configuration file
46.Pa krb5.conf ,
47or the file given on the command line,
48parses it, checking verifying that the syntax is not correctly wrong.
49.Pp
50If the file is syntactically correct,
51.Nm
52tries to verify that the contents of the file is of relevant nature.
53.Sh ENVIRONMENT
54.Ev KRB5_CONFIG
55points to the configuration file to read.
56.Sh FILES
57.Bl -tag -width /etc/krb5.conf -compact
58.It Pa /etc/krb5.conf
59Kerberos 5 configuration file
60.El
61.Sh DIAGNOSTICS
62Possible output from
63.Nm
64include:
65.Bl -tag -width "FpathF"
66.It "<path>: failed to parse <something> as size/time/number/boolean"
67Usually means that <something> is misspelled, or that it contains
68weird characters. The parsing done by
69.Nm
70is more strict than the one performed by libkrb5, so strings that
71work in real life might be reported as bad.
72.It "<path>: host not found (<hostname>)"
73Means that <path> is supposed to point to a host, but it can't be
74recognised as one.
75.It <path>: unknown or wrong type
76Means that <path> is either a string when it should be a list, vice
77versa, or just that
78.Nm
79is confused.
80.It <path>: unknown entry
81Means that <string> is not known by
82.Nm .
83.El
84.Sh SEE ALSO
85.Xr krb5.conf 5
86.Sh BUGS
87Since each application can put almost anything in the config file,
88it's hard to come up with a watertight verification process. Most of
89the default settings are sanity checked, but this does not mean that
90every problem is discovered, or that everything that is reported as a
91possible problem actually is one. This tool should thus be used with
92some care.
93.Pp
94It should warn about obsolete data, or bad practice, but currently
95doesn't.
96