[19869] in Kerberos_V5_Development
Re: Lines with "=" in krb5.conf
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jan 16 00:29:06 2019
To: Weijun Wang <weijun.wang@oracle.com>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <fa5ef3d5-caa4-03b3-f9c8-e2f3204d82e3@mit.edu>
Date: Wed, 16 Jan 2019 00:28:54 -0500
MIME-Version: 1.0
In-Reply-To: <B0FDE848-4C3C-4DD7-ABBB-9E242D10298A@oracle.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 1/15/19 9:12 AM, Weijun Wang wrote:
> [realms]
> ATHENA.MIT.EDU = {
> auth_to_local = {
> RULE:[2:$1](johndoe)s/^.*$/guest/
> RULE:[2:$1;$2](^.*;admin$)s/;admin$//
> RULE:[2:$2](^.*;root)s/^.*$/root/
> DEFAULT
> }
> }
>
> Is this legal? I tried it with the latest MIT krb5 and saw a "krb5kdc: Improper format of Kerberos configuration file while initializing krb5" error.
>
> Or does any other krb5 vendor support this format?
I don't think so. MIT krb5 only expects relations (a = b) within a
braced subsection, and my read of the Heimdal code is that it does as well.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
