[19866] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Lines with "=" in krb5.conf

daemon@ATHENA.MIT.EDU (Weijun Wang)
Tue Jan 15 09:13:04 2019

From: Weijun Wang <weijun.wang@oracle.com>
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Tue, 15 Jan 2019 22:12:47 +0800
Message-Id: <B0FDE848-4C3C-4DD7-ABBB-9E242D10298A@oracle.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Hi All,

We (Java SE at Oracle) received a bug report that Java cannot deal with krb5.conf containing the following lines:

         [realms] 
              ATHENA.MIT.EDU = { 
                  auth_to_local = { 
                      RULE:[2:$1](johndoe)s/^.*$/guest/ 
                      RULE:[2:$1;$2](^.*;admin$)s/;admin$// 
                      RULE:[2:$2](^.*;root)s/^.*$/root/ 
                      DEFAULT 
                      } 
                  }

Is this legal? I tried it with the latest MIT krb5 and saw a "krb5kdc: Improper format of Kerberos configuration file while initializing krb5" error.

Or does any other krb5 vendor support this format?

Thanks,
Max


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19866] in Kerberos_V5_Development

Lines with "=" in krb5.conf

daemon@ATHENA.MIT.EDU (Weijun Wang)Tue Jan 15 09:13:04 2019

daemon@ATHENA.MIT.EDU (Weijun Wang)
Tue Jan 15 09:13:04 2019