Hello,
On Tue, Feb 7, 2012 at 11:12 PM, Pat Riehecky <[email protected]> wrote: > The krb5.aug lense is unable to parse my site's krb5.conf (publicly > available at http://security.fnal.gov/krb5.conf) >From looking at it, here are the stanzas that are not recognized: line 90: default_tgs_enctypes = des-cbc-crc des3-cbc-sha1 default_tkt_enctypes = des-cbc-crc des3-cbc-sha1 line 190: v4_name_convert = { host = { rcmd = host } } line 203: ticket_lifetime = 30h Hint: you can use augcheck [0] to spot these errors easily. > I've almost gotten it to be able to read the v4_name_convert section (line > 194) but just can't seem to get it right. > > My patch below gets me almost there, but I'm stuck for what to do to fixup > the last little bit. I can get > > CERN.CH = { > kdc = cerndc.cern.ch:88 > master_kdc = cerndc.cern.ch:88 > default_domain = cern.ch > kpasswd_server = afskrb5m.cern.ch > admin_server = afskrb5m.cern.ch > v4_name_convert = { > host = rcmd > } > } > > to work with this patch but not > > CERN.CH = { > kdc = cerndc.cern.ch:88 > master_kdc = cerndc.cern.ch:88 > default_domain = cern.ch > kpasswd_server = afskrb5m.cern.ch > admin_server = afskrb5m.cern.ch > v4_name_convert = { > host = { > rcmd = host > } > } > } > > My various attempts all end up breaking v4_instance_convert. > > I tried the suggestion offered some ways back of making the v4_name_convert > section more top level, but the entry in libdefaults is a true/false while > the one in a realm is much more tree like. It seemed that would make > matters worse. > > May I request a little help? > > --- lenses/krb5.aug.orig 2012-02-07 14:00:13.349952582 -0600 > +++ lenses/krb5.aug 2012-02-07 16:02:03.465813208 -0600 > @@ -24,7 +24,7 @@ let realm_re = /[A-Z][.a-zA-Z0-9-]*/ > let app_re = /[a-z][a-zA-Z0-9_]*/ > let name_re = /[.a-zA-Z0-9_-]+/ > > -let value = store /[^;# \t\n{}]+/ > +let value = store /[^;# \t\n{}]|[^;# \t\n{}][^#\n]*[^;# \t\n{}]/ OK. I guess this is meant to parse "des-cbc-crc des3-cbc-sha1". Maybe it would be nicer to represent this as a list? > let entry (kw:regexp) (sep:lens) (comment:lens) > = [ indent . key kw . sep . value . (comment|eol) ] | comment > > @@ -61,8 +61,8 @@ let appdefaults = > let realms = > let simple_option = /kdc|admin_server|database_module|default_domain/ > |/v4_realm|auth_to_local(_names)?|master_kdc|kpasswd_server/ > - |/admin_server/ in > - let subsec_option = /v4_instance_convert/ in > + |/admin_server|ticket_lifetime/ in > + let subsec_option = /v4_instance_convert|v4_name_convert/ in > let option = entry simple_option eq comment in > let subsec = [ indent . key subsec_option . eq_openbr . > (entry name_re eq comment)* . closebr . eol ] in > You're allowing to create a subsection called "v4_name_convert" inside realms sections, but not to create a sub-subsection called "host" inside this "v4_name_convert", hence your issue. That might eventually become quite complex. I'll see if this can be simplified using the new Build.block* constructs. Raphaël [0] https://github.com/raphink/augeas-sandbox _______________________________________________ augeas-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/augeas-devel
