How krb5.conf is parsed (especially in respect to comments)
jaltman at secure-endpoints.com
Mon Mar 26 16:31:25 CEST 2018
On 3/26/2018 5:29 AM, Harald Barth wrote:
> Is there any consenus about using comments in krb5.conf and how it
> should be parsed?
> I have tried to figure out what is OK according to the documentation
> but not found anything about comments in the manual pages. There
> is a widespread use of comments like this:
> default_realm = EXAMPLE.COM
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> and usage of "#" at the beginning of the line will make the parser
> ignore that line and it works as a comment.
The above is a comment.
> But if I write:
> renew_lifetime = 3d # this comment will break things
This is not a comment. This is setting the value of "renew_lifetime" to
the string "3d # this comment will break things". The error that is
generated is the failure of
"3d # this comment will break things"
to be a valid date string.
It is perfectly valid for a '#' to be present in a value string. A
value string is all of the contents to the right of the equal sign until
the end of line.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4080 bytes
Desc: S/MIME Cryptographic Signature
More information about the Heimdal-discuss