Krb5Configuration - files /etc/krb5.conf and /etc/krb5.conf.d/*

krb5 Configuration are /etc/krb5.conf and /etc/krb5.conf.d/*, and the content format is similar to INI config, but they include values that span multiple lines. Multi-line values start with a ‘{’ and end with a ‘}’, and we join them together by setting the is_squ variable to True while in a multi-line value.


>>> krb5_content = '''
 dns_lookup_realm = false
 ticket_lifetime = 24h
 default_ccache_name = KEYRING:persistent:%{uid}
  kdc =
  admin_server =
 pam = {
  debug = false
  krb4_convert = false
  ticket_lifetime = 36000
  dns_lookup_realm = false
  ticket_lifetime = 24h
   kdc =
   admin_server =
# renew_lifetime = 7d
# forwardable = true
# rdns = false
>>> from insights.tests import context_wrap
>>> shared = {Krb5Configuration: Krb5Configuration(context_wrap(krb5_content))}
>>> krb5_info = shared[Krb5Configuration]
>>> krb5_info["libdefaults"]["dnsdsd"]
>>> krb5_info["realms"]["EXAMPLE.COM"]["kdc"]
>>> krb5_info.sections()
>>> krb5_info.has_section("realms")
>>> krb5_info.has_option("realms", "nosuchoption")
>>> krb5_info.options("libdefaults")
class insights.parsers.krb5.Krb5Configuration(context)[source]

Bases: insights.core.Parser, insights.core.LegacyItemAccess

Class for krb5.conf and krb5.conf.d configuration files.

The Kerberos .ini format is like an ordinary .ini file except that values can include a multiple line key-value pair ‘relation’ that starts with a ‘{’ and end with a ‘}’ on a trailing line. So we track whether we’re in curly braces by setting is_squ when we enter a relation, and clearing it when we leave. Please fill in the remainder of the logic here.


The directory list that krb5.conf includes via includedir directive


The configuration file list that krb5.conf includes via include directive


The module list that krb5.conf specifed via module directive

getboolean(section, option)[source]

Parse option as bool

Returns None is not a krb5.conf boolean string.

has_option(section, option)[source]

Check for the existence of a given option in a given section. Return True if the given option is present, and False if not present.


Indicate whether the named section is present in the configuration. Return True if the given section is present, and False if not present.


Return a list of option names for the given section name.


This method must be implemented by classes based on this class.


Return a list of section names.