|| FreeBSD System Manager's Manual
checks krb5.conf for obvious errors
reads the configuration file
, or the file given on the command line, parses it, checking verifying that the syntax is not correctly wrong.
If the file is syntactically correct, verify_krb5_conf tries to verify that the contents of the file is of relevant nature.
KRB5_CONFIG points to the configuration file to read.
Kerberos 5 configuration file
Possible output from
<path>: failed to parse <something> as size/time/number/boolean
Usually means that <something> is misspelled, or that it contains weird characters. The parsing done by
verify_krb5_conf is more strict than the one performed by libkrb5, so strings that work in real life might be reported as bad.
<path>: host not found (<hostname>)
Means that <path> is supposed to point to a host, but it can't be recognised as one.
<path>: unknown or wrong type
Means that <path> is either a string when it should be a list, vice versa, or just that
verify_krb5_conf is confused.
<path>: unknown entry
Means that <string> is not known by
Since each application can put almost anything in the config file, it's hard to come up with a watertight verification process. Most of the default settings are sanity checked, but this does not mean that every problem is discovered, or that everything that is reported as a possible problem actually is one. This tool should thus be used with some care.
It should warn about obsolete data, or bad practice, but currently doesn't.