[augeas-devel] possible bug with krb5.conf lense
James Eckersall
James.Eckersall at fasthosts.com
Wed Nov 13 17:09:26 UTC 2013
Hi,
I'm using augeas-0.9.0-4.el6.x86_64 under CentOS 6.4 and I believe I have discovered a bug with the lense that handles /etc/krb5.conf.
The file has a section like the following:
[appdefaults]
pam = { debug = false
}
This causes errors in /var/log/secure like the following (and breaks kerberos auth):
pam_krb5[30146]: error initializing kerberos: -1765328248 (Improper format of Kerberos configuration file)
I have narrowed it down to the fact that there is no newline after the {
If I change the file to the following, it works fine.
[appdefaults]
pam = {
debug = false
}
I'm using augeas via puppet as per the following:
augeas { "set /etc/krb.conf":
context => "/files/etc/krb5.conf",
changes => [
"set libdefaults/default_realm 'TEST.COM'",
"set libdefaults/dns_lookup_realm false",
"set libdefaults/dns_lookup_kdc false",
"set libdefaults/ticket_lifetime 24h",
"set libdefaults/forwardable yes",
"set libdefaults/debug false",
"set realms/realm TEST.COM",
"set realms/realm/kdc[1] 10.1.1.1:88",
"set realms/realm/kdc[2] 10.1.1.2:88",
"set realms/realm/default_domain test.com ",
"set domain_realm/.test.com TEST.COM",
"set domain_realm/test.com TEST.COM",
"set appdefaults/forwardable true",
"set appdefaults/application pam",
"set appdefaults/application/debug false",
],
}
If I manually add the newline, the puppet run detects no changes, so it looks to me like augeas is making no distinction between the newline and not.
Could someone please confirm whether this is indeed a bug?
Regards
J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20131113/cf60f671/attachment.htm>
More information about the augeas-devel
mailing list