How krb5.conf is parsed (especially in respect to comments)

Nico Williams nico at
Mon Mar 26 21:57:22 CEST 2018

On Mon, Mar 26, 2018 at 09:26:11PM +0200, Harald Barth wrote:
> > A value string is all of the contents to the right of the equal sign
> > until the end of line.
> To the right of the equal sign and any following whitespace. So it
> seems one can have whitespace inside the value but no value which
> starts with whitespace. According to my tests these two values are the
> file "/tmp/foo bar #"
> 	default_cc_name =      /tmp/foo bar #baz
> or
> 	default_cc_name =/tmp/foo bar #baz
> give
> $ klist
> klist: No ticket file: /tmp/foo bar #baz


> So that probably means that both 
> >  STRINGs consists of one or more non-whitespace characters.
> from Heimdal man krb5.conf and kinits handing of
> 	renew_lifetime = 3 days
> are wrong?

No, the docs are wrong.  This depends, among other things, on whether a
parameter is treated as sinle- or multi-valued.  This mess is really
some grad student's fault in MIT Kerberos in the 90s, if not even

We should check that we have the same behavior as MIT.

We should really move to a new format some day...  But that will
probably never happen.

> Probably the documentation, kinit and verify_krb5_conf should agree
> about the format.

Probably :/


More information about the Heimdal-discuss mailing list