|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
Packit |
fd8b60 |
<head>
|
|
Packit |
fd8b60 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
Packit |
fd8b60 |
<title>.k5identity — MIT Kerberos Documentation</title>
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
|
|
Packit |
fd8b60 |
<link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
|
|
Packit |
fd8b60 |
<script type="text/javascript">
|
|
Packit |
fd8b60 |
var DOCUMENTATION_OPTIONS = {
|
|
Packit |
fd8b60 |
URL_ROOT: '../../',
|
|
Packit |
fd8b60 |
VERSION: '1.18.2',
|
|
Packit |
fd8b60 |
COLLAPSE_INDEX: false,
|
|
Packit |
fd8b60 |
FILE_SUFFIX: '.html',
|
|
Packit |
fd8b60 |
HAS_SOURCE: true,
|
|
Packit |
fd8b60 |
SOURCELINK_SUFFIX: '.txt'
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
</script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../../_static/jquery.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../../_static/underscore.js"></script>
|
|
Packit |
fd8b60 |
<script type="text/javascript" src="../../_static/doctools.js"></script>
|
|
Packit |
fd8b60 |
<link rel="author" title="About these documents" href="../../about.html" />
|
|
Packit |
fd8b60 |
<link rel="index" title="Index" href="../../genindex.html" />
|
|
Packit |
fd8b60 |
<link rel="search" title="Search" href="../../search.html" />
|
|
Packit |
fd8b60 |
<link rel="copyright" title="Copyright" href="../../copyright.html" />
|
|
Packit |
fd8b60 |
<link rel="next" title="User commands" href="../user_commands/index.html" />
|
|
Packit |
fd8b60 |
<link rel="prev" title=".k5login" href="k5login.html" />
|
|
Packit |
fd8b60 |
</head>
|
|
Packit |
fd8b60 |
<body>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="C">Contents |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="P">previous |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="N">next |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="I">index |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
accesskey="S">Search |
|
|
Packit |
fd8b60 |
feedback
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
.k5identity¶
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
DESCRIPTION¶
|
|
Packit |
fd8b60 |
The .k5identity file, which resides in a user’s home directory,
|
|
Packit |
fd8b60 |
contains a list of rules for selecting a client principals based on
|
|
Packit |
fd8b60 |
the server being accessed. These rules are used to choose a
|
|
Packit |
fd8b60 |
credential cache within the cache collection when possible.
|
|
Packit |
fd8b60 |
Blank lines and lines beginning with # are ignored. Each line has
|
|
Packit |
fd8b60 |
the form:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
principal field=value …
|
|
Packit |
fd8b60 |
If the server principal meets all of the field constraints, then
|
|
Packit |
fd8b60 |
principal is chosen as the client principal. The following fields are
|
|
Packit |
fd8b60 |
recognized:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm
|
|
Packit |
fd8b60 |
If the realm of the server principal is known, it is matched
|
|
Packit |
fd8b60 |
against value, which may be a pattern using shell wildcards.
|
|
Packit |
fd8b60 |
For host-based server principals, the realm will generally only be
|
|
Packit |
fd8b60 |
known if there is a [domain_realm] section in
|
|
Packit |
fd8b60 |
krb5.conf with a mapping for the hostname.
|
|
Packit |
fd8b60 |
service
|
|
Packit |
fd8b60 |
If the server principal is a host-based principal, its service
|
|
Packit |
fd8b60 |
component is matched against value, which may be a pattern using
|
|
Packit |
fd8b60 |
shell wildcards.
|
|
Packit |
fd8b60 |
host
|
|
Packit |
fd8b60 |
If the server principal is a host-based principal, its hostname
|
|
Packit |
fd8b60 |
component is converted to lower case and matched against value,
|
|
Packit |
fd8b60 |
which may be a pattern using shell wildcards.
|
|
Packit |
fd8b60 |
If the server principal matches the constraints of multiple lines
|
|
Packit |
fd8b60 |
in the .k5identity file, the principal from the first matching
|
|
Packit |
fd8b60 |
line is used. If no line matches, credentials will be selected
|
|
Packit |
fd8b60 |
some other way, such as the realm heuristic or the current primary
|
|
Packit |
fd8b60 |
cache.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
EXAMPLE¶
|
|
Packit |
fd8b60 |
The following example .k5identity file selects the client principal
|
|
Packit |
fd8b60 |
alice@KRBTEST.COM if the server principal is within that realm,
|
|
Packit |
fd8b60 |
the principal alice/root@EXAMPLE.COM if the server host is within
|
|
Packit |
fd8b60 |
a servers subdomain, and the principal alice/mail@EXAMPLE.COM when
|
|
Packit |
fd8b60 |
accessing the IMAP service on mail.example.com :
|
|
Packit |
fd8b60 |
alice@KRBTEST.COM realm=KRBTEST.COM
|
|
Packit |
fd8b60 |
alice/root@EXAMPLE.COM host=*.servers.example.com
|
|
Packit |
fd8b60 |
alice/mail@EXAMPLE.COM host=mail.example.com service=imap
|