krb5 configuration

The krb5 files are normally available to rules as a list of Krb5Configuration objects.

class insights.combiners.krb5.AllKrb5Conf(krb5configs)[source]

Bases: dict

Combiner for accessing all the krb5 configuration files, the format is dict. There may be multi files for krb5 configuration, and the main config file is krb5.conf. In the situation that same section is both in krb5.conf and other configuration files, section in krb5.conf is the available setting. Data from parser krb5 is list of dict(s), this combiner will parse this list and return a dict which containing all valid data.

Sample files:

/etc/krb5.conf:

    includedir /etc/krb5.conf.d/
    include /etc/krb5test.conf
    module /etc/krb5test.conf:residual

    [logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log

/etc/krb5.d/krb5_more.conf:

    [logging]
        default = FILE:/var/log/krb5.log
        kdc = FILE:/var/log/krb5.log
        admin_server = FILE:/var/log/kadmind.log

    [realms]
        dns_lookup_realm = false
        default_ccache_name = KEYRING:persistent:%{uid}

Examples

>>> type(all_krb5)
<class 'insights.combiners.krb5.AllKrb5Conf'>
>>> all_krb5.include
['/etc/krb5test.conf']
>>> all_krb5.sections()
['logging', 'realms']
>>> all_krb5.options('logging')
['admin_server', 'default', 'kdc']
>>> all_krb5['logging']['kdc']
'FILE:/var/log/krb5kdc.log'
>>> all_krb5.has_option('logging', 'admin_server')
True
>>> all_krb5['realms']['dns_lookup_realm']
'false'
>>> all_krb5.files
['krb5.conf', 'krb5_more.conf']

includedir

The directory list that krb5.conf includes via includedir directive

Type:: list

include

The configuration file list that krb5.conf includes via include directive

Type:: list

module

The module list that krb5.conf specifed via ‘module’ directive

Type:: list

files

The list of configuration file names.

Type:: list

dns_lookup_realm

is Kerberos realm DNS lookup enabled?

Type:: bool

dns_lookup_kdc

is Kerberos KDC DNS lookup enabled?

Type:: bool

default_realm

default realm for clients

Type:: str/None

realms

realm names from [realms] block

Type:: set

property data: Keep backward compatibility. The “data” atrribute is deprecated, the parser itself is dictionary.

Warning

This will be removed from 3.8.0.

getboolean(section, option)[source]

Parse option as bool

Returns None is not a krb5.conf boolean string.

has_option(section, option)[source]: Check for the existence of a given option in a given section. Return True if the given option is present, and False if not present.

has_section(section)[source]: Indicate whether the named section is present in the configuration. Return True if the given section is present, and False if not present.

options(section)[source]: Return a list of option names for the given section name.

sections()[source]: Return a list of section names.