[augeas-devel] krb5.conf file update not working unless line already exists. What am I doing wrong?

Mon Feb 22 23:02:37 UTC 2021

Hello Spike,

The error message is telling us something has gone wrong, but it's not 
very specific.

It is helpful is to look at the output from the 'print' command from the 
hand-editted file

# augtool print /files/etc/krb5.conf
/files/etc/krb5.conf
/files/etc/krb5.conf/libdefaults
/files/etc/krb5.conf/libdefaults/default_tgs_enctypes[1] = 
"arcfour-hmac-md5"
/files/etc/krb5.conf/libdefaults/default_tgs_enctypes[2] = 
"aes128-cts-hmac-sha1-96"
/files/etc/krb5.conf/libdefaults/default_tgs_enctypes[3] = 
"aes256-cts-hmac-sha1-96"
/files/etc/krb5.conf/libdefaults/#eol[1]
/files/etc/krb5.conf/libdefaults/default_tkt_enctypes[1] = 
"arcfour-hmac-md5"
/files/etc/krb5.conf/libdefaults/default_tkt_enctypes[2] = 
"aes128-cts-hmac-sha1-96"
/files/etc/krb5.conf/libdefaults/default_tkt_enctypes[3] = 
"aes256-cts-hmac-sha1-96"
/files/etc/krb5.conf/libdefaults/#eol[2]
/files/etc/krb5.conf/libdefaults/default_realm = "AMER.DELL.COM"
/files/etc/krb5.conf/libdefaults/ticket_lifetime = "36000"
/files/etc/krb5.conf/libdefaults/forwardable = "true"
/files/etc/krb5.conf/domain_realm
/files/etc/krb5.conf/domain_realm/auspslpltinf1.us.dell.com = 
"AMER.DELL.COM"

Adding the lines #eol[] to the augtool script resolves this issue:

load-file /etc/krb5.conf
defnode libdefaults /files/etc/krb5.conf/libdefaults
set $libdefaults/default_tgs_enctypes[1] 'arcfour-hmac-md5'
set $libdefaults/default_tgs_enctypes[2] 'aes128-cts-hmac-sha1-96'
set $libdefaults/default_tgs_enctypes[3] 'aes256-cts-hmac-sha1-96'
set $libdefaults/#eol[1]
set $libdefaults/default_tkt_enctypes[1] 'arcfour-hmac-md5'
set $libdefaults/default_tkt_enctypes[2] 'aes128-cts-hmac-sha1-96'
set $libdefaults/default_tkt_enctypes[3] 'aes256-cts-hmac-sha1-96'
set $libdefaults/#eol[2]
save

Regards,
George Hansper

On 23/2/21 7:21 am, Spike White wrote:
> In summary,  here's a simple augtool file:
>
> set /augeas/load/Krb5/incl "/etc/krb5.conf"
> set /augeas/load/Krb5/lens "Krb5.lns"
> load
> defnode libdefaults /files/etc/krb5.conf/libdefaults
> set $libdefaults/default_tgs_enctypes[1] 'arcfour-hmac-md5'
> set $libdefaults/default_tgs_enctypes[2] 'aes128-cts-hmac-sha1-96'
> set $libdefaults/default_tgs_enctypes[3] 'aes256-cts-hmac-sha1-96'
> set $libdefaults/default_tkt_enctypes[1] 'arcfour-hmac-md5'
> set $libdefaults/default_tkt_enctypes[2] 'aes128-cts-hmac-sha1-96'
> set $libdefaults/default_tkt_enctypes[3] 'aes256-cts-hmac-sha1-96'
> save
> print /augeas//error
>
> Here's a simple /etc/krb5.conf file:
>
> [libdefaults]
>  default_realm = AMER.DELL.COM <http://AMER.DELL.COM>
>  ticket_lifetime = 36000
>  forwardable = true
>
> [domain_realm]
> auspslpltinf1.us.dell.com <http://auspslpltinf1.us.dell.com> = 
> AMER.DELL.COM <http://AMER.DELL.COM>
>
> Here's the augtool invocation:
>
> augtool --noautoload -f krb5.aug
>
> Here's the error:
>
> [root at auspslpltinf1 tmp]# augtool --noautoload -f krb5.aug
> error: Failed to execute command
> saving failed (run 'print /augeas//error' for details)
> /augeas/files/etc/krb5.conf/error = "put_failed"
> /augeas/files/etc/krb5.conf/error/path = 
> "/files/etc/krb5.conf/libdefaults"
> /augeas/files/etc/krb5.conf/error/lens = 
> "/usr/share/augeas/lenses/dist/inifile.aug:353.27-354.17:"
> /augeas/files/etc/krb5.conf/error/message = "Failed to match \n    ({ 
> /[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee](([Ss][.0-9A-Z_a-z-]|[.0-9A-RT-Z_a-rt-z-])[.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt][Yy][Pp]([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt][Yy]([.0-9A-OQ-Z_a-oq-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc][Tt]([.0-9A-XZ_a-xz-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn][Cc]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee][Nn]([.0-9ABD-Z_abd-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_[Ee]([.0-9A-MO-Z_a-mo-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]_([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg][Ss]([.0-9A-Za-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee](([Ss][.0-9A-Z_a-z-]|[.0-9A-RT-Z_a-rt-z-])[.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt][Yy][Pp]([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt][Yy]([.0-9A-OQ-Z_a-oq-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc][Tt]([.0-9A-XZ_a-xz-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn][Cc]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee][Nn]([.0-9ABD-Z_abd-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_[Ee]([.0-9A-MO-Z_a-mo-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]_([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk][Tt]([.0-9A-Za-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Kk]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt][Gg]([.0-9A-RT-Z_a-rt-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_[Tt]([.0-9A-FH-JL-Z_a-fh-jl-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]_([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll][Tt]([.0-9A-Za-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu][Ll]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa][Uu]([.0-9A-KM-Z_a-km-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff][Aa]([.0-9A-TV-Z_a-tv-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee][Ff]([.0-9B-Z_b-z-][.0-9A-Z_a-z-]*|)|[Dd][Ee]([.0-9A-EG-Z_a-eg-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt][Yy][Pp][Ee](([Ss][.0-9A-Z_a-z-]|[.0-9A-RT-Z_a-rt-z-])[.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt][Yy][Pp]([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt][Yy]([.0-9A-OQ-Z_a-oq-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc][Tt]([.0-9A-XZ_a-xz-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn][Cc]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee][Nn]([.0-9ABD-Z_abd-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_[Ee]([.0-9A-MO-Z_a-mo-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]_([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee][Dd]([.0-9A-Za-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt][Ee]([.0-9A-CE-Z_a-ce-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt][Tt]([.0-9A-DF-Z_a-df-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii][Tt]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm][Ii]([.0-9A-SU-Z_a-su-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr][Mm]([.0-9A-HJ-Z_a-hj-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee][Rr]([.0-9A-LN-Z_a-ln-z-][.0-9A-Z_a-z-]*|)|[Pp][Ee]([.0-9A-QS-Z_a-qs-z-][.0-9A-Z_a-z-]*|)|([Pp][.0-9A-DF-Z_a-df-z-]|[Dd][.0-9A-DF-Z_a-df-z-]|[.0-9A-CE-OQ-Z_a-ce-oq-uw-z-][.0-9A-Z_a-z-])([.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|)|(v4_name_convert[.0-9A-Z_a-z-][.0-9A-Z_a-z-]|v4_name_conver[.0-9A-Z_a-su-z-][.0-9A-Z_a-z-])[.0-9A-Z_a-z-]*|v4_name_convert[.0-9A-Z_a-z-]|v4_name_conver[.0-9A-Z_a-su-z-]|v4_name_conver|v4_name_conve[.0-9A-Z_a-qs-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_conve[.0-9A-Z_a-qs-z-]|v4_name_conve|v4_na[.0-9A-Z_a-ln-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_na[.0-9A-Z_a-ln-z-]|v4_na|v[.0-35-9A-Z_a-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v[.0-35-9A-Z_a-z-]|v4[.0-9A-Za-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4[.0-9A-Za-z-]|v4|v4_n[.0-9A-Z_b-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_n[.0-9A-Z_b-z-]|v4_n|v4_[.0-9A-Z_a-mo-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_[.0-9A-Z_a-mo-z-]|v4_|v4_nam[.0-9A-Z_a-df-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_nam[.0-9A-Z_a-df-z-]|v4_nam|v4_name_conv[.0-9A-Z_a-df-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_conv[.0-9A-Z_a-df-z-]|v4_name_conv|v4_name_con[.0-9A-Z_a-uw-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_con[.0-9A-Z_a-uw-z-]|v4_name_con|v4_name_co[.0-9A-Z_a-mo-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_co[.0-9A-Z_a-mo-z-]|v4_name_co|v4_name_c[.0-9A-Z_a-np-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_c[.0-9A-Z_a-np-z-]|v4_name_c|v4_name_[.0-9A-Z_abd-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name_[.0-9A-Z_abd-z-]|v4_name_|v4_name[.0-9A-Za-z-][.0-9A-Z_a-z-][.0-9A-Z_a-z-]*|v4_name[.0-9A-Za-z-]|v4_name|v|[Pp]|[Dd]|[.0-9A-CE-OQ-Z_a-ce-oq-uw-z-]/ 
> = /[^\\001-\\004\\t\\n #;]+/ } | { /#comment/ = /(([^\\001-\\004\\t\\n 
> ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n ]|[^\\001-\\004\\t\\n ]))?/ } | 
> { /permitted_enctypes/ = /[0-9A-Za-z-]{3,}/ }({ /permitted_enctypes/ = 
> /[0-9A-Za-z-]{3,}/ })*({ /#comment/ = /(([^\\001-\\004\\t\\n 
> ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n ]|[^\\001-\\004\\t\\n ]))?/ } | 
> ()){ /#eol/ } | { /default_tgs_enctypes/ = /[0-9A-Za-z-]{3,}/ }({ 
> /default_tgs_enctypes/ = /[0-9A-Za-z-]{3,}/ })*({ /#comment/ = 
> /(([^\\001-\\004\\t\\n ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n 
> ]|[^\\001-\\004\\t\\n ]))?/ } | ()){ /#eol/ } | { 
> /default_tkt_enctypes/ = /[0-9A-Za-z-]{3,}/ }({ /default_tkt_enctypes/ 
> = /[0-9A-Za-z-]{3,}/ })*({ /#comment/ = /(([^\\001-\\004\\t\\n 
> ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n ]|[^\\001-\\004\\t\\n ]))?/ } | 
> ()){ /#eol/ } | { /v4_name_convert/ } | { })*\n  with tree\n    { 
> \"default_realm\" = \"AMER.DELL.COM <http://AMER.DELL.COM>\" } { 
> \"ticket_lifetime\" = \"36000\" } { \"forwardable\" = \"true\" } {  } 
> { \"default_tgs_enctypes\" = \"arcfour-hmac-md5\" } { 
> \"default_tgs_enctypes\" = \"aes128-cts-hmac-sha1-96\" } { 
> \"default_tgs_enctypes\" = \"aes256-cts-hmac-sha1-96\" } { 
> \"default_tkt_enctypes\" = \"arcfour-hmac-md5\" } { 
> \"default_tkt_enctypes\" = \"aes128-cts-hmac-sha1-96\" } { 
> \"default_tkt_enctypes\" = \"aes256-cts-hmac-sha1-96\" }"
>
> If I manually fix up the /etc/krb5.conf file:
>
> [libdefaults]
>   default_tgs_enctypes = arcfour-hmac-md5 aes128-cts-hmac-sha1-96 
> aes256-cts-hmac-sha1-96
>   default_tkt_enctypes = arcfour-hmac-md5 aes128-cts-hmac-sha1-96 
> aes256-cts-hmac-sha1-96
>  default_realm = AMER.DELL.COM <http://AMER.DELL.COM>
>  ticket_lifetime = 36000
>  forwardable = true
>
> [domain_realm]
> auspslpltinf1.us.dell.com <http://auspslpltinf1.us.dell.com> = 
> AMER.DELL.COM <http://AMER.DELL.COM>
>
> the augtool invocation works fine.
>
> Spike
>
>
> On Thu, Feb 18, 2021 at 12:46 PM Spike White <spikewhitetx at gmail.com 
> <mailto:spikewhitetx at gmail.com>> wrote:
>
>     augeas experts,
>
>     I am trying to update my /etc/krb5.conf.  I'm testing (for now)
>     with a /tmp/krb5.conf file on RHEL7.
>
>     I have to have it not autoload all files, as there's some syntax
>     in some other files augeas doesn't understand.
>
>     Here is my old krb5.aug file (which works).
>
>     set /augeas/load/Krb5/incl "/tmp/krb5.conf"
>     set /augeas/load/Krb5/lens "Krb5.lns"
>     load
>     defnode realms_AMER_DELL_COM /files/tmp/krb5.conf/realms/realm[. =
>     'AMER.DELL.COM <http://AMER.DELL.COM>' ]
>     defnode libdefaults /files/tmp/krb5.conf/libdefaults
>     set $realms_AMER_DELL_COM AMER.DELL.COM <http://AMER.DELL.COM>
>     set $realms_AMER_DELL_COM/#comment LANDMARK
>     set $realms_AMER_DELL_COM/auth_to_local[1] 'RULE:[1:$1]'
>     set $realms_AMER_DELL_COM/auth_to_local[2] 'DEFAULT'
>     set $libdefaults/default_realm AMER.DELL.COM <http://AMER.DELL.COM>
>     set $libdefaults/dns_lookup_kdc true
>     set /files/etc/krb5.conf/libdefaults/rdns false
>     set /files/etc/krb5.conf/domain_realm/.isus.emc.com
>     <http://isus.emc.com> AMER.DELL.COM <http://AMER.DELL.COM>
>     save
>
>     I run it thusly:  augtool --noautoload -f krb5.aug
>
>     # Configuration snippets may be placed in this directory as well
>     includedir /etc/krb5.conf.d/
>
>     [logging]
>      default = FILE:/var/log/krb5libs.log
>      kdc = FILE:/var/log/krb5kdc.log
>      admin_server = FILE:/var/log/kadmind.log
>
>     [libdefaults]
>      default_realm = AMER.DELL.COM <http://AMER.DELL.COM>
>      dns_lookup_kdc = true
>      default_etypes_des = des-cbc-crc
>      default_tgs_enctypes = arcfour-hmac-md5
>      default_tkt_enctypes = arcfour-hmac-md5
>
>     [realms]
>     AMER.DELL.COM <http://AMER.DELL.COM> = {
>        #LANDMARK
>     auth_to_local = RULE:[1:$1]
>     auth_to_local = DEFAULT
>     }
>     [domain_realm]
>     # .example.com <http://example.com> = EXAMPLE.COM <http://EXAMPLE.COM>
>     # example.com <http://example.com> = EXAMPLE.COM <http://EXAMPLE.COM>
>     .isus.emc.com <http://isus.emc.com> = AMER.DELL.COM
>     <http://AMER.DELL.COM>
>
>     Here's my problem.  I want to restrict my /default_tgs_enctypes
>     and default_tkt_enctypes to only the strong-ish encryption types
>     (I know the arcfour-hmac-md5 is not terribly strong today).
>
>     so if i change my krb5.aug file to this:
>
>     set /augeas/load/Krb5/incl "/tmp/krb5.conf"
>     set /augeas/load/Krb5/lens "Krb5.lns"
>     load
>     defnode realms_AMER_DELL_COM /files/tmp/krb5.conf/realms/realm[. =
>     'AMER.DELL.COM <http://AMER.DELL.COM>' ]
>     defnode libdefaults /files/tmp/krb5.conf/libdefaults
>     set $realms_AMER_DELL_COM AMER.DELL.COM <http://AMER.DELL.COM>
>     set $realms_AMER_DELL_COM/#comment LANDMARK
>     set $realms_AMER_DELL_COM/auth_to_local[1] 'RULE:[1:$1]'
>     set $realms_AMER_DELL_COM/auth_to_local[2] 'DEFAULT'
>     set $libdefaults/default_realm AMER.DELL.COM <http://AMER.DELL.COM>
>     set $libdefaults/dns_lookup_kdc true
>     set $libdefaults/default_tgs_enctypes[1] 'arcfour-hmac-md5'
>     set $libdefaults/default_tgs_enctypes[2] 'aes128-cts-hmac-sha1-96'
>     set $libdefaults/default_tgs_enctypes[3] 'aes256-cts-hmac-sha1-96'
>     set $libdefaults/default_tkt_enctypes[1] 'arcfour-hmac-md5'
>     set $libdefaults/default_tkt_enctypes[2] 'aes128-cts-hmac-sha1-96'
>     set $libdefaults/default_tkt_enctypes[3] 'aes256-cts-hmac-sha1-96'
>     set /files/etc/krb5.conf/libdefaults/rdns false
>     set /files/etc/krb5.conf/domain_realm/.isus.emc.com
>     <http://isus.emc.com> AMER.DELL.COM <http://AMER.DELL.COM>
>     save
>
>     It fails.  The only extra lines are the
>     $libdefaults/default_tgs_enctypes and the
>     $libdefaults/default_tkt_enctypes set lines.
>
>     However, if I change my /tmp/krb5.conf file so that
>     3 default_tgs_enctypes and 3 default_tkt_enctypes already exist,
>     it succeeds.
>
>     Example before:
>     ...
>     [libdefaults]
>      ...
>      default_tgs_enctypes = des-cbc-crc des-cbc-crc des-cbc-crc
>      default_tkt_enctypes = des-cbc-crc des-cbc-crc des-cbc-crc
>
>     then run augtool --noautoload -f /tmp/krb5.aug
>
>     After:
>     [libdefaults]
>     ...
>      default_tgs_enctypes = arcfour-hmac-md5 aes128-cts-hmac-sha1-96
>     aes256-cts-hmac-sha1-96
>      default_tkt_enctypes = arcfour-hmac-md5 aes128-cts-hmac-sha1-96
>     aes256-cts-hmac-sha1-96
>
>     I thought "set" operator was supposed to create a node entry if it
>     didn't already exist.
>
>     Why does it fail to modify these entries, unless the lines already
>     exist, with 3 entries already?
>
>     Spike
>
>
>
> _______________________________________________
> augeas-devel mailing list
> augeas-devel at redhat.com
> https://listman.redhat.com/mailman/listinfo/augeas-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20210223/8be8a299/attachment.htm>