Opened 9 years ago
Closed 8 years ago
#7 closed defect (fixed)
verify_krb5_conf not consistently drive letter tolerant
| Reported by: | Lewis Rosenthal | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | Heimdal - 1.5.3 |
| Component: | utilities | Version: | Heimdal - 1.5.3 |
| Keywords: | Cc: |
Description
Attempting to check validity of krb5.conf using verify_krb5_conf.exe with KRB5_CONFIG=c:/mptn/etc/krb5.conf (for example), yields:
verify_krb5_conf: krb5_config_parse_file: open c: No such file or directory
Explicitly stating the configuration file (including drive letter and path) seems to work, however.
Change History (11)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
Assuming one explicitly specifies the location of krb5.conf, the command seems to work (it may have before). Thus:
[c:\]verify_krb5_conf.exe --dumpconfig c:\MPTN\ETC\krb5.conf
works, however:
[c:\]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: open c: No such file or directory
[libdefaults]
default_realm = SAMBA.ARCANOAE
dns_lookup_kdc = false
verify_ap_req_nofail = true
default_cc_name = FILE:C:/var/temp/krb5cc_%{uid}
[realms]
SAMBA.ARCANOAE = {
kdc = KERBEROS.SAMBA.ARCANOAE
kdc = 192.168.100.17
admin_server = KERBEROS.SAMBA.ARCANOAE
}
[logging]
kdc = CONSOLE
So, it did actually dump the config, but it made noise about it. Running the above from a different volume, however, yields:
[j:\]verify_krb5_conf.exe --dumpconfig verify_krb5_conf.exe: krb5_config_parse_file: open c: No such file or directory verify_krb5_conf.exe: krb5_config_parse_file: open /mptn/etc/krb5.conf: No such file or directory
This looks like the same "colon confusion" as we saw with #6. Are you sure this one isn't static?
comment:3 by , 8 years ago
You're right - it seems verify_krb5_conf statically links krb5.
http://smedley.id.au/tmp/heimdal-1.5.3-os2-20160723.zip has a rebuild....
comment:4 by , 8 years ago
Getting closer:
[j:\download\os2\kerberos]verify_krb5_conf.exe --dumpconfig
verify_krb5_conf.exe: krb5_config_parse_file: Access to home directory not allowed
[libdefaults]
default_realm = SAMBA.ARCANOAE
dns_lookup_kdc = false
verify_ap_req_nofail = true
default_cc_name = FILE:C:/var/temp/krb5cc_%{uid}
[realms]
SAMBA.ARCANOAE = {
kdc = KERBEROS.SAMBA.ARCANOAE
kdc = 192.168.100.17
admin_server = KERBEROS.SAMBA.ARCANOAE
}
[logging]
kdc = CONSOLE
I get the same warning about the home directory when I am logged onto the same volume where it is located and when I am not.
comment:5 by , 8 years ago
Interesting, here I get:
[U:\DEV\kerberos-netlabs\heimdal\trunk\lib\krb5]verify_krb5_conf --dumpconfig
[libdefaults]
default_realm = SAMBA.ARCANOAE
dns_lookup_kdc = false
[realms]
SAMBA.ARCANOAE = {
kdc = KERBEROS.SAMBA.ARCANOAE
admin_server = KERBEROS.SAMBA.ARCANOAE
}
[logging]
kdc = console
verify_krb5_conf: /logging/kdc: unknown log type: "console"
comment:7 by , 8 years ago
Hmmm...
With the above, whether logged onto the same volume with the config or not, I get:
[j:\download\os2\kerberos]verify_krb5_conf.exe --dumpconfig verify_krb5_conf.exe: krb5_config_parse_file: open C:\HOME\DEFAULT/.krb5/config: No such file or directory
and then the expected output.
I get the same result with the krb5.dll from the latest full package:
7-22-16 18:01 1,109,392 124 krb5.dll
The point is that we shouldn't be looking in %HOME% at all unless KRB5_CONFIG points to it.
With:
KRB5_CONFIG=%ETC%/krb5.conf
I get expected results (with files from the latest full build). What we need to do is in the absence of KRB5_CONFIG in the environment, just follow our default of %ETC% to find the conf (which is apparently how the output is being located).
comment:8 by , 8 years ago
The following paths are searched for krb5.conf:
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP
"/Library/Preferences/edu.mit.Kerberos" PATH_SEP
#endif /* __APPLE__ */
"~/.krb5/config" PATH_SEP
SYSCONFDIR "/krb5.conf"
#ifdef _WIN32
PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf"
PATH_SEP "%{WINDOWS}/krb5.ini"
#else
PATH_SEP "/etc/krb5.conf"
#endif
;
The warning about %HOME%/.krb5/config is a result of the expansion of "~/.krb5/config" I personally think this warning is relatively harmless - it would be preferable if it searched that directory and ignored the error, but still pretty harmless....
comment:9 by , 8 years ago
Agreed. Obviously, there is no harm done searching there, but we should only throw an warning (I would think) when we can't find a conf anywhere.
I don't want to suggest that we not look under ~/.krb5/config, because some OS/2 systems are set up for multiuser, and this may become more common at some point in the future.
comment:10 by , 8 years ago
I don't really disagree regarding the warning, but it's non-trivial to mask it away.... The easiest short term fix would be to NOT open ~/.krb5/config....
comment:11 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
There are more important things to do. For now, this is a readme item, like the accepted time formats discussed in ticket #5.
Does http://smedley.id.au/tmp/krb5.zip fix this too?