source-git / krb5

Clone
Source Code
GIT

Blame doc/html/user/user_config/k5identity.html

c8 c8s master
  1.   84e616108e805ff803dca4aabd5967e5fe6b0c2c
  2.   doc
  3.   html
  4.   user
  5.   user_config
  6.   k5identity.html
Blob History Raw
Packit fd8b60
Packit fd8b60
Packit fd8b60 
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Packit fd8b60
Packit fd8b60 
<html xmlns="http://www.w3.org/1999/xhtml">
Packit fd8b60 
  <head>
Packit fd8b60 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Packit fd8b60 
    <title>.k5identity — MIT Kerberos Documentation</title>
Packit fd8b60 
    <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" />
Packit fd8b60 
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
Packit fd8b60 
    <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" />
Packit fd8b60 
    <script type="text/javascript">
Packit fd8b60 
      var DOCUMENTATION_OPTIONS = {
Packit fd8b60 
        URL_ROOT:    '../../',
Packit fd8b60 
        VERSION:     '1.18.2',
Packit fd8b60 
        COLLAPSE_INDEX: false,
Packit fd8b60 
        FILE_SUFFIX: '.html',
Packit fd8b60 
        HAS_SOURCE:  true,
Packit fd8b60 
        SOURCELINK_SUFFIX: '.txt'
Packit fd8b60 
      };
Packit fd8b60 
    </script>
Packit fd8b60 
    <script type="text/javascript" src="../../_static/jquery.js"></script>
Packit fd8b60 
    <script type="text/javascript" src="../../_static/underscore.js"></script>
Packit fd8b60 
    <script type="text/javascript" src="../../_static/doctools.js"></script>
Packit fd8b60 
    <link rel="author" title="About these documents" href="../../about.html" />
Packit fd8b60 
    <link rel="index" title="Index" href="../../genindex.html" />
Packit fd8b60 
    <link rel="search" title="Search" href="../../search.html" />
Packit fd8b60 
    <link rel="copyright" title="Copyright" href="../../copyright.html" />
Packit fd8b60 
    <link rel="next" title="User commands" href="../user_commands/index.html" />
Packit fd8b60 
    <link rel="prev" title=".k5login" href="k5login.html" />
Packit fd8b60 
  </head>
Packit fd8b60 
  <body>
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
            
MIT Kerberos Documentation
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
            accesskey="C">Contents |
Packit fd8b60
Packit fd8b60 
            accesskey="P">previous |
Packit fd8b60
Packit fd8b60 
            accesskey="N">next |
Packit fd8b60
Packit fd8b60 
            accesskey="I">index |
Packit fd8b60
Packit fd8b60 
            accesskey="S">Search |
Packit fd8b60 
    feedback
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
.k5identity
Packit fd8b60
Packit fd8b60 
DESCRIPTION
Packit fd8b60 
The .k5identity file, which resides in a user’s home directory,
Packit fd8b60 
contains a list of rules for selecting a client principals based on
Packit fd8b60 
the server being accessed.  These rules are used to choose a
Packit fd8b60 
credential cache within the cache collection when possible.
Packit fd8b60 
Blank lines and lines beginning with # are ignored.  Each line has
Packit fd8b60 
the form:
Packit fd8b60
Packit fd8b60 
principal field=value
Packit fd8b60 
If the server principal meets all of the field constraints, then
Packit fd8b60 
principal is chosen as the client principal.  The following fields are
Packit fd8b60 
recognized:
Packit fd8b60
Packit fd8b60 
realm
Packit fd8b60 
If the realm of the server principal is known, it is matched
Packit fd8b60 
against value, which may be a pattern using shell wildcards.
Packit fd8b60 
For host-based server principals, the realm will generally only be
Packit fd8b60 
known if there is a [domain_realm] section in
Packit fd8b60 
krb5.conf with a mapping for the hostname.
Packit fd8b60 
service
Packit fd8b60 
If the server principal is a host-based principal, its service
Packit fd8b60 
component is matched against value, which may be a pattern using
Packit fd8b60 
shell wildcards.
Packit fd8b60 
host
Packit fd8b60 
If the server principal is a host-based principal, its hostname
Packit fd8b60 
component is converted to lower case and matched against value,
Packit fd8b60 
which may be a pattern using shell wildcards.
Packit fd8b60 
If the server principal matches the constraints of multiple lines
Packit fd8b60 
in the .k5identity file, the principal from the first matching
Packit fd8b60 
line is used.  If no line matches, credentials will be selected
Packit fd8b60 
some other way, such as the realm heuristic or the current primary
Packit fd8b60 
cache.
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60
Packit fd8b60 
EXAMPLE
Packit fd8b60 
The following example .k5identity file selects the client principal
Packit fd8b60 
alice@KRBTEST.COM if the server principal is within that realm,
Packit fd8b60 
the principal alice/root@EXAMPLE.COM if the server host is within
Packit fd8b60 
a servers subdomain, and the principal alice/mail@EXAMPLE.COM when
Packit fd8b60 
accessing the IMAP service on mail.example.com:
Packit fd8b60 
alice@KRBTEST.COM       realm=KRBTEST.COM
Packit fd8b60 
alice/root@EXAMPLE.COM  host=*.servers.example.com
Packit fd8b60 
alice/mail@EXAMPLE.COM  host=mail.example.com service=imap

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation