Why is this common syntax failing?
Owen Carter
ocarter at mirabeau.nl
Mon May 21 10:41:21 EDT 2007
Hi;
User question:
I'm using kerberos5 on a fully-updated Debian (4.0.3-3) install.
The system was configured months ago by someone else, and works at present,
root@mira-svn # kadmin
Authenticating as principal root/admin@MIRABEAU.NL with password.
...
But I wanted to add an auth_to_local definition to my /etc/krb5.conf file, so that:
[realms]
    MIRABEAU.NL = {
        kdc = SERV1.mirabeau.nl
        admin_server = SERV1.mirabeau.nl
    }
Becomes:
[realms]
    MIRABEAU.NL = {
        kdc = SERV1.mirabeau.nl
        admin_server = SERV1.mirabeau.nl
        auth_to_local = {
            RULE:[2:$1](johndoe)s/^.*$/guest/
            RULE:[2:$1;$2](^.*;admin$)s/;admin$//
            RULE:[2:$2](^.*;root)s/^.*$/root/
            DEFAULT
        }
    }
When I did that, Kerberos stopped working.
root@mira-svn # kadmin
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
If I comment out the three rules:
    MIRABEAU.NL = {
        kdc = MIRA-DC1.mirabeau.nl
        admin_server = MIRA-DC1.mirabeau.nl
        auth_to_local = {
            # RULE:[2:$1;$2](^.*;admin$)s/;admin$//
            # RULE:[2:$2](^.*;root)s/^.*$/root/
            # DEFAULT
        }
    }
Everything is again working; except that I don't get my auth_to_local rules of course..
root@mira-svn # kadmin
Authenticating as principal root/admin@MIRABEAU.NL with password.
...
This example is direct from your site:
http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.3/doc/krb5-admin/realms--krb5.conf-.html#realms%20(krb5.conf)
What might I be doing wrong?
Or is it your documentation?
Are there hidden and undocumented caveats to this format?
Thanks,
(as a footnote; the error message could be much, much more specific.. I mean, it doesn't even give a line number of where the error is found in the file, let alone a true reason WHY it believes the format is invalid.)
Owen Carter
Software Configuratie Beheerder
Mirabeau | Development
H.J.E. Wenckebachweg 108
1096 AR Amsterdam
T: 020 5950550
F: 020 5950551
M: 062 9218409
W: www.mirabeau.nl
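
Added example, not part of the original message and not MIT Kerberos code: a simplified checker for the krb5.conf profile syntax that reports the line numbers the kadmin error above omits. It assumes only the basic rules of the format (comments start with # or ;, and every line inside a { } group must be a name = value relation); lint_profile and the sample strings are hypothetical names built from the snippets quoted in the post.

```python
import re

RELATION = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")

def lint_profile(text):
    """Return [(line_no, message)] for lines that break the name = value rule.
    Simplified: comments, [sections], relations, '{' and '}' only."""
    problems, depth, no = [], 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if depth == 0 and line.startswith("["):  # top-level section header
            if not re.fullmatch(r"\[[^\]]+\]", line):
                problems.append((no, "malformed section header"))
            continue
        if line == "}":                          # closes the current group
            if depth == 0:
                problems.append((no, "unmatched '}'"))
            depth = max(depth - 1, 0)
            continue
        m = RELATION.match(line)
        if not m:                                # bare value, no 'name ='
            problems.append((no, "expected 'name = value': " + line))
        elif m.group(2) == "{":                  # relation opens a group
            depth += 1
    if depth:
        problems.append((no, "unclosed '{'"))
    return problems

# Sample input constructed from the configuration quoted in the post.
HEAD = ("[realms]\nMIRABEAU.NL = {\n"
        " kdc = SERV1.mirabeau.nl\n admin_server = SERV1.mirabeau.nl\n")
RULES = ["RULE:[2:$1](johndoe)s/^.*$/guest/",
         "RULE:[2:$1;$2](^.*;admin$)s/;admin$//",
         "RULE:[2:$2](^.*;root)s/^.*$/root/",
         "DEFAULT"]
# Braced form from the post: bare RULE lines inside auth_to_local = { }.
FAILING = HEAD + " auth_to_local = {\n" + "".join("  %s\n" % r for r in RULES) + " }\n}\n"
# Same block with every rule commented out, leaving an empty group.
COMMENTED = HEAD + " auth_to_local = {\n" + "".join("  # %s\n" % r for r in RULES) + " }\n}\n"
# One auth_to_local relation per rule, which satisfies the name = value rule.
FLAT = HEAD + "".join(" auth_to_local = %s\n" % r for r in RULES) + "}\n"

if __name__ == "__main__":
    for no, msg in lint_profile(FAILING):
        print("line %d: %s" % (no, msg))
```

The braced form is flagged at each bare RULE and DEFAULT line, while the commented-out block and the one-relation-per-rule form both pass, matching the behaviour reported above.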