At the moment, heimdal's verify_krb5_conf is already not happy with
krb5.conf shipped by bin:krb5-config:
# verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No
such file or directory
verify_krb5_conf: /libdefaults/ccache_type: unknown entry
verify_krb5_conf: /libdefaults/rdns: unknown entry
verify_krb5_conf: /realms/1TS.ORG/kdc: Temporary failure in name
resolution (kerberos.1ts.org)
verify_krb5_conf: /realms/1TS.ORG/admin_server: Temporary failure in
name resolution (kerberos.1ts.org)
^C
(remove 1TS.ORG and try again)
# verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No
such file or directory
verify_krb5_conf: /libdefaults/ccache_type: unknown entry
verify_krb5_conf: /libdefaults/rdns: unknown entry
root@o-heimdal:~# echo $?
1
I can grab a ticket, though:
root@o-heimdal:~# kinit andreas
andreas@LOWTECH's Password:
root@o-heimdal:~#
But if I add the includedir line, without support in heimdal, it
breaks immediately:
root@o-heimdal:~# mkdir /etc/krb5.conf.d
root@o-heimdal:~# sed -r -i '1 i\includedir /etc/krb5.conf.d\n' /etc/krb5.conf
root@o-heimdal:~# kinit andreas
kinit: krb5_parse_name_flags: unable to find realm of host o-heimdal
root@o-heimdal:~#
root@o-heimdal:~# head /etc/krb5.conf -n 4
includedir /etc/krb5.conf.d
[libdefaults]
default_realm = LOWTECH
Oddly enough, verify_krb5_conf is now happier:
root@o-heimdal:~# verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No
such file or directory
verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:1: binding
before section
root@o-heimdal:~# echo $?
0
This was all with the normal heimdal package, not the patched one.
And, to reply to another question from before, if I put the includedir
directive inside a section, for example, inside [libdefaults], that's
invalid because it expects all entries in sections to be key=pair
values:
root@o-heimdal:~# head /etc/krb5.conf -n 4
[libdefaults]
includedir /etc/krb5.conf.d
default_realm = LOWTECH
root@o-heimdal:~# verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No
such file or directory
verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:3: missing =
