On 3/26/2018 5:29 AM, Harald Barth wrote: > > Is there any consenus about using comments in krb5.conf and how it > should be parsed?
yes. > I have tried to figure out what is OK according to the documentation > but not found anything about comments in the manual pages. There > is a widespread use of comments like this: > > [libdefaults] > default_realm = EXAMPLE.COM > # The following krb5.conf variables are only for MIT Kerberos. > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > > and usage of "#" at the beginning of the line will make the parser > ignore that line and it works as a comment. The above is a comment. > But if I write: > > [libdefaults] > renew_lifetime = 3d # this comment will break things This is not a comment. This is setting the value of "renew_lifetime" to the string "3d # this comment will break things". The error that is generated is the failure of "3d # this comment will break things" to be a valid date string. It is perfectly valid for a '#' to be present in a value string. A value string is all of the contents to the right of the equal sign until the end of line.
smime.p7s
Description: S/MIME Cryptographic Signature