[augeas-devel] adjustment to the krb5.aug lense

Pat Riehecky riehecky at fnal.gov
Tue Feb 7 22:12:21 UTC 2012 

The krb5.aug lense is unable to parse my site's krb5.conf (publicly 
available at http://security.fnal.gov/krb5.conf)

I've almost gotten it to be able to read the v4_name_convert section 
(line 194) but just can't seem to get it right.

My patch below gets me almost there, but I'm stuck for what to do to 
fixup the last little bit.  I can get

CERN.CH = {
      kdc = cerndc.cern.ch:88
      master_kdc = cerndc.cern.ch:88
      default_domain = cern.ch
      kpasswd_server = afskrb5m.cern.ch
      admin_server = afskrb5m.cern.ch
      v4_name_convert = {
            host = rcmd
           }
}

to work with this patch but not

CERN.CH = {
      kdc = cerndc.cern.ch:88
      master_kdc = cerndc.cern.ch:88
      default_domain = cern.ch
      kpasswd_server = afskrb5m.cern.ch
      admin_server = afskrb5m.cern.ch
      v4_name_convert = {
            host = {
                   rcmd = host
                   }
           }
}

My various attempts all end up breaking v4_instance_convert.

I tried the suggestion offered some ways back of making the 
v4_name_convert section more top level, but the entry in libdefaults is 
a true/false while the one in a realm is much more tree like.  It seemed 
that would make matters worse.

May I request a little help?

--- lenses/krb5.aug.orig    2012-02-07 14:00:13.349952582 -0600
+++ lenses/krb5.aug    2012-02-07 16:02:03.465813208 -0600
@@ -24,7 +24,7 @@ let realm_re = /[A-Z][.a-zA-Z0-9-]*/
  let app_re = /[a-z][a-zA-Z0-9_]*/
  let name_re = /[.a-zA-Z0-9_-]+/

-let value = store /[^;# \t\n{}]+/
+let value = store /[^;# \t\n{}]|[^;# \t\n{}][^#\n]*[^;# \t\n{}]/
  let entry (kw:regexp) (sep:lens) (comment:lens)
      = [ indent . key kw . sep . value . (comment|eol) ] | comment

@@ -61,8 +61,8 @@ let appdefaults =
  let realms =
    let simple_option = /kdc|admin_server|database_module|default_domain/
        |/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/
-      |/admin_server/ in
-  let subsec_option = /v4_instance_convert/ in
+      |/admin_server|ticket_lifetime/ in
+  let subsec_option = /v4_instance_convert|v4_name_convert/ in
    let option = entry simple_option eq comment in
    let subsec = [ indent . key subsec_option . eq_openbr .
                     (entry name_re eq comment)* . closebr . eol ] in

-- 
Pat Riehecky
Scientific Linux Developer

More information about the augeas-devel mailing list