Configuration Parsers for Krb5

The following parsers are included:

Krb5Configuration - files /etc/krb5.conf and /etc/krb5.conf.d/*

Krb5LocalauthPlugin - file /var/lib/sss/pubconf/krb5.include.d/localauth_plugin

class insights.parsers.krb5.Krb5ConfBase(context)[source]

Bases: Parser, dict

Base Class to process the Kerberos relevant configurations.

Kerberos configuration files are generally in .ini format. They are like an ordinary .ini file except that a value can be a multi-line key-value ‘relation’ that starts with a ‘{’ and ends with a ‘}’ on a trailing line. So we track whether we’re in curly braces by setting is_squ when we enter a relation, and clearing it when we leave. Please fill in the remainder of the logic here.

property data

Kept for backward compatibility. The “data” attribute is deprecated; the parser itself is a dictionary.

Warning

This will be removed from 3.8.0.

getboolean(section, option)[source]

Parse option as bool

Returns None if the value is not a krb5.conf boolean string.

has_option(section, option)[source]

Check for the existence of a given option in a given section. Return True if the given option is present, and False if not present.

has_section(section)[source]

Indicate whether the named section is present in the configuration. Return True if the given section is present, and False if not present.

options(section)[source]

Return a list of option names for the given section name.

parse_content(content)[source]

This method must be implemented by classes based on this class.

sections()[source]

Return a list of section names.

class insights.parsers.krb5.Krb5Configuration(context)[source]

Bases: Krb5ConfBase

Krb5 configuration files are /etc/krb5.conf and /etc/krb5.conf.d/*.

See Krb5ConfBase for details.

includedir

The list of directories that krb5.conf includes via the includedir directive

Type:

list

include

The list of configuration files that krb5.conf includes via the include directive

Type:

list

module

The list of modules that krb5.conf specifies via the module directive

Type:

list

Sample content:

include /etc/krb5test.conf
[realms]
  dns_lookup_realm = false
  ticket_lifetime = 24h
  default_ccache_name = KEYRING:persistent:%{uid}
  EXAMPLE.COM = {
   kdc = kerberos.example.com
   admin_server = kerberos.example.com
  }
  pam = {
   debug = false
   krb4_convert = false
   ticket_lifetime = 36000
  }
[libdefaults]
  dns_lookup_realm = false
  dnsdsd = false
  ticket_lifetime = 24h
  EXAMPLE.COM = {
   kdc = kerberos2.example.com
   admin_server = kerberos2.example.com
 }

Example

>>> type(krb5_conf)
<class 'insights.parsers.krb5.Krb5Configuration'>
>>> krb5_conf["libdefaults"]["dnsdsd"]
'false'
>>> krb5_conf["realms"]["EXAMPLE.COM"]["kdc"]
'kerberos.example.com'
>>> krb5_conf.sections()
['libdefaults', 'realms']
>>> krb5_conf.has_section("realms")
True
>>> krb5_conf.has_option("realms", "nosuchoption")
False
>>> krb5_conf.options("libdefaults")
['EXAMPLE.COM', 'dns_lookup_realm', 'dnsdsd', 'ticket_lifetime']
>>> krb5_conf.include
['/etc/krb5test.conf']
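The brace tracking described for Krb5ConfBase, shown as an added example that is not the insights-core implementation: a stand-alone parser for krb5.conf-style text that collects directives, sections and ‘{ … }’ relations. The names parse_krb5 and getboolean (a free function here) and the shortened sample are assumptions made for illustration; the accepted boolean strings are those of MIT krb5's profile library.

```python
# Added example, not insights-core code. Boolean strings follow MIT krb5.
TRUE_STRINGS = {"y", "yes", "true", "t", "1", "on"}
FALSE_STRINGS = {"n", "no", "false", "nil", "0", "off"}
DIRECTIVES = ("includedir", "include", "module")
# Constructed sample, shortened from the sample content above.
SAMPLE = """\
include /etc/krb5test.conf
[libdefaults]
  dns_lookup_realm = false
  ticket_lifetime = 24h
[realms]
  EXAMPLE.COM = {
   kdc = kerberos.example.com
  }
"""

def parse_krb5(text):
    """Return (sections, directives) for krb5.conf-style text."""
    sections = {}
    directives = {name: [] for name in DIRECTIVES}
    section = relation = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if relation is not None:          # inside a { ... } relation
            if line == "}":
                relation = None           # closing brace on its own line
            elif "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                relation[key] = value
            continue
        parts = line.split(None, 1)
        if parts[0] in DIRECTIVES and len(parts) == 2 and "=" not in line:
            directives[parts[0]].append(parts[1])
        elif line.startswith("[") and line.endswith("]"):
            section = sections.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":              # relation opens; fill it on later lines
                relation = section[key] = {}
            else:
                section[key] = value
    return sections, directives

def getboolean(sections, section, option):
    """True/False for a krb5 boolean string, None for anything else."""
    value = str(sections.get(section, {}).get(option, "")).lower()
    return True if value in TRUE_STRINGS else False if value in FALSE_STRINGS else None
```

Repeated keys, for example several kdc lines in one realm, keep only the last value here.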

class insights.parsers.krb5.Krb5LocalauthPlugin(context)[source]

Bases: Krb5ConfBase

Krb5 Configuration parser for /var/lib/sss/pubconf/krb5.include.d/localauth_plugin

Sample input:

[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
 }

Examples

>>> type(krb5_LP)
<class 'insights.parsers.krb5.Krb5LocalauthPlugin'>
>>> krb5_LP['plugins']['localauth']['module']
'sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so'