I'm trying to set up rules using the auth_to_user option inside of a realm definition in my krb5.conf file. I've not had any luck finding good, and accurate, documentation on that option. Basically, I need my host principals to authenticate without having them in the local password file.
What the principal ends up looking like to my apache server is class;fqdn, which fails authentication.

What I am trying to do is:

host/[email protected] should get translated to just fqdn, which can then authenticate just fine.
class/[email protected] should get translated to class/fqdn.

Basically, just dropping the realm portion.

Using this, I can munge the host principal the way I want:

    [realms]
        REALM.COM = {
            kdc-1
            kdc-2
            auth_to_local = RULE:[2:$1;$2](^host;.*$)s/^host;//
            auth_to_local = DEFAULT
        }

However, if I try something like:

    auth_to_local = RULE:[2:$1/$2](^.*;.*$)

it doesn't work. The / is the usual reserved character, and there does not seem to be a way to escape it.

Any suggestions? Or am I approaching this in the wrong way?

-kyley

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
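An added example, not part of the original post and not code from any Kerberos library: a simplified Python model of the RULE:[n:format](regexp)s/pattern/replacement/ form, run over the two rules quoted above to show the selection string each one builds and whether its regexp matches it. Assumptions: the hostname www.example.com is constructed, Python's re stands in for the library's regex engine, and the regexp is required to match the whole selection string.

```python
import re

# Simplified model of RULE:[n:format](regexp)s/pattern/replacement/[g].
# Assumption: Python's re stands in for the library's regex engine.
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\]"        # [n:format]
    r"(?:\(([^)]*)\))?"               # optional (regexp)
    r"(?:s/([^/]*)/([^/]*)/(g?))?$"   # optional s/pattern/replacement/[g]
)

def apply_rule(rule, principal):
    """Return (selection_string, local_name); local_name is None on no match."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax: " + rule)
    ncomp, fmt, regexp, pat, repl, gflag = m.groups()
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    if len(comps) != int(ncomp):
        return None, None             # rule only applies to n-component names
    parts = [realm] + comps           # $0 = realm, $1..$n = components
    selection = re.sub(r"\$(\d)", lambda mo: parts[int(mo.group(1))], fmt)
    # Assumption of this model: the regexp must match the whole string.
    if regexp is not None and re.fullmatch(regexp, selection) is None:
        return selection, None
    local = selection
    if pat is not None:
        local = re.sub(pat, lambda _: repl, selection, count=0 if gflag else 1)
    return selection, local

# The two rules quoted in the post.
HOST_RULE = "RULE:[2:$1;$2](^host;.*$)s/^host;//"
SLASH_RULE = "RULE:[2:$1/$2](^.*;.*$)"

# Constructed sample principals (hostname is a placeholder).
HOST_PRINC = "host/www.example.com@REALM.COM"
CLASS_PRINC = "class/www.example.com@REALM.COM"

if __name__ == "__main__":
    for rule in (HOST_RULE, SLASH_RULE):
        for princ in (HOST_PRINC, CLASS_PRINC):
            sel, local = apply_rule(rule, princ)
            print(f"{rule:40} {princ:34} selection={sel!r} local={local!r}")
```

In this model the second rule builds the selection string class/www.example.com, which contains no ";" for the regexp ^.*;.*$ to match, so the rule yields no local name.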
