krb5.conf

It seems there's no place defining the exact grammar of krb5.conf. This is my attempt:

There are 5 semantic elements in a krb5.conf file:
  1. section head: "[" identifier "]"
  2. simple key-value: key "=" value
  3. complicated key: key "="
  4. complicated value start: "{"
  5. complicated value end: "}"
Normally, identifier and key should be alphanumeric plus a few symbols like ".", "-", "_"; a value can be any series of characters that contains no newline, does not start with "{", and does not end with "}". Each element can have zero or more blanks (spaces or horizontal tabs) between the tokens, before the first token, or after the last token.

The data in a krb5.conf file is an ordered series of these elements, subject to the following constraints:
  1. The first element (if there is one) must be a section head.
  2. Each appearance of a complicated value end must match an existing unmatched complicated value start. If there are multiple unmatched complicated value start elements, it matches the last (nearest) one.
  3. A section head must appear at a position where no complicated value start is unmatched.
  4. A complicated value start must follow a complicated key, and a complicated key must be followed by a complicated value start.
  5. At the end of the data, no complicated value start is unmatched.

A krb5.conf file consists of multiple lines, in which each line can be:
  1. a comment line, starting with the character "#" or ";"
  2. an empty line, consisting of zero or more blanks
  3. an element
  4. a glue of multiple elements, which means several consecutive elements are packed into one line

There can be two different forms of a krb5.conf file:
  1. Distinguished form: The only allowed glue is between complicated key and complicated value start. In fact, in the distinguished form, these 2 elements must always be glued.
  2. Basic form: The complicated value start element can be either glued to the element before it, or the one after it. The complicated value end can be glued to the element before it. Glued elements can be glued again by matching the "ends". No glue is mandatory.
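
The element grammar and the five ordering constraints above, written as a checker for basic-form input. This is an added example, not code from this post or from the MIT profile library; the identifier character set is an assumption, and backslash escaping and mid-line "#" comments are not handled.

```python
import re

# Assumption: "a few symbols" in identifiers and keys means ".", "-" and "_".
SECTION = re.compile(r"\[[ \t]*([A-Za-z0-9._-]+)[ \t]*\]")
KEY = re.compile(r"([A-Za-z0-9._-]+)[ \t]*=[ \t]*")

def elements(line):
    """Split one basic-form line into its (possibly glued) elements."""
    s = line.strip(" \t")
    if not s or s[0] in "#;":              # empty line or comment line
        return []
    body = s.rstrip("} \t")                # peel value ends glued on the right
    ends = [("END",)] * s[len(body):].count("}")
    out = []
    while body:
        if body[0] == "{":                 # value start, maybe glued to what follows
            out.append(("START",))
            body = body[1:].lstrip(" \t")
        elif m := SECTION.fullmatch(body):
            return out + [("SECTION", m[1])] + ends
        elif not (m := KEY.match(body)):
            raise ValueError(f"not an element: {body!r}")
        elif body[m.end():][:1] in ("", "{"):   # nothing or "{" after "="
            out.append(("CKEY", m[1]))
            body = body[m.end():]
        else:                              # the rest of the line is the value
            return out + [("KV", m[1], body[m.end():])] + ends
    return out + ends

def check(text):
    """Return (line number, violated constraint) pairs; empty means well-formed."""
    errs, depth, prev, n = [], 0, None, 0
    for n, line in enumerate(text.splitlines(), 1):
        for kind, *_ in elements(line):
            broken = {1: prev is None and kind != "SECTION",
                      2: kind == "END" and depth == 0,
                      3: kind == "SECTION" and depth > 0,
                      4: (kind == "START") != (prev == "CKEY")}
            errs += [(n, c) for c, bad in broken.items() if bad]
            depth = max(0, depth + {"START": 1, "END": -1}.get(kind, 0))
            prev = kind
    tail = {4: prev == "CKEY", 5: depth > 0}   # checks that apply at end of data
    return errs + [(n, c) for c, bad in tail.items() if bad]

# Constructed sample in basic form; check(SAMPLE) returns [].
SAMPLE = """[realms]
EXAMPLE.COM = { kdc = kdc1.example.com
    admin_server = kdc1.example.com }
"""
```

The constraint numbers in the result are the ones used in the list above, so `(3, 4)` means line 3 breaks constraint 4.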

Other ideas:

  1. Weird characters ("=", "[", "]", "{", "}", and other invisibles) inside key or identifier or value must be escaped with "\\" using the standard C style. I hate quotes, and I hate those "you needn't escape it here coz I can recognize it" cases.
  2. Any unescaped "#" inside a line starts an until-the-eol comment (";" doesn't)
Comments:

A comment line may also start with the semicolon character ';'

Posted by MrJoel on June 18, 2007 at 06:56 PM CST #

If you search the MIT krbdev mailing list archives you'll find an abortive attempt at replacing the "profile library" (which parses krb5.conf) with an implementation based on a formal syntax. The project failed to find a way to do this backwards compatibly. The gory details are in the mailing list archive.

Posted by Nico on June 25, 2007 at 08:53 PM CST #
