How krb5.conf is parsed (especially in respect to comments)

Harald Barth haba at
Mon Mar 26 21:26:11 CEST 2018

>> # The following krb5.conf variables are only for MIT Kerberos.

> The above is a comment.

I have not found a place describing this, but I did not serach too

> It is perfectly valid for a '#' to be present in a value string.

> A value string is all of the contents to the right of the equal sign
> until the end of line.

To the right of the equal sign and any following whitespace. So it
seems one can have whitespace inside the value but no value which
starts with whitespace. According to my tests these two values are the
file "/tmp/foo bar #"

	default_cc_name =      /tmp/foo bar #baz
	default_cc_name =/tmp/foo bar #baz

$ klist
klist: No ticket file: /tmp/foo bar #baz

So that probably means that both 

>  STRINGs consists of one or more non-whitespace characters.

from Heimdal man krb5.conf and kinits handing of

	renew_lifetime = 3 days

are wrong?

Probably the documentation, kinit and verify_krb5_conf should agree
about the format.


More information about the Heimdal-discuss mailing list