[augeas-devel] possible bug with krb5.conf lense

James Eckersall James.Eckersall at fasthosts.com
Thu Nov 14 09:01:21 UTC 2013 

Hi Dominic,

Thanks for the info.

I didn't realise that the EPEL version of augeas for EL5 is 1.1.0, but RHEL6 ships with 0.9.x, hence no package in EPEL for EL6.
It's a pity there aren't updated augeas packages for EL6 in EPEL, but I guess that breaks the EPEL philosophy.

I'll look for another source for the rpm.

Thanks

J

-----Original Message-----
From: augeas-devel-bounces at redhat.com [mailto:augeas-devel-bounces at redhat.com] On Behalf Of Dominic Cleal
Sent: 14 November 2013 08:47
To: augeas-devel at redhat.com
Subject: Re: [augeas-devel] possible bug with krb5.conf lense

On 13/11/13 17:09, James Eckersall wrote:
> Hi,
> 
>  
> 
> I'm using augeas-0.9.0-4.el6.x86_64 under CentOS 6.4and I believe I 
> have discovered a bug with the lense that handles /etc/krb5.conf.
> 
>  
> 
> The file has a section like the following:
> 
>  
> 
> [appdefaults]
> 
> pam = {   debug = false
> 
> }
> 
>  
> 
> This causes errors in /var/log/secure like the following (and breaks 
> kerberos auth):
> 
>  
> 
> pam_krb5[30146]: error initializing kerberos: -1765328248 (Improper 
> format of Kerberos configuration file)
> 
>  
> 
> I have narrowed it down to the fact that there is no newline after the 
> {
> 
>  
> 
> If I change the file to the following, it works fine.
> 
>  
> 
> [appdefaults]
> 
> pam = {
> 
>   debug = false
> 
> }
> 
>  
> 
> I'm using augeas via puppet as per the following:
> 
[snip]
>  
> 
> If I manually add the newline, the puppet run detects no changes, so 
> it looks to me like augeas is making no distinction between the 
> newline and not.
> 
>  
> 
> Could someone please confirm whether this is indeed a bug?

It seems to have been fixed between 0.9.0 and the current release, 1.1.0.  I can reproduce it on the former, but not the latter:

augtool> set /augeas/context /files/etc/krb5.conf set 
augtool> appdefaults/forwardable true set appdefaults/application pam 
augtool> set appdefaults/application/debug false save
Saved 1 file(s)
augtool> ^Z
[1]+  Stopped                 augtool -r /tmp/k5
$ cat /tmp/k5/etc/krb5.conf

[appdefaults]
forwardable = true
pam = {
debug = false
}

The syntax looks correct now.

--
Dominic Cleal
Red Hat Engineering

_______________________________________________
augeas-devel mailing list
augeas-devel at redhat.com
https://www.redhat.com/mailman/listinfo/augeas-devel

More information about the augeas-devel mailing list