WHy is this common syntax failing?

Owen Carter ocarter at mirabeau.nl
Mon May 21 11:45:52 EDT 2007

Thank you Ken!

That makes a LOT more sense.. After I sent the mail I had worked out
that a single (standalone) rule worked.. But I didn't make the final
leap to realise I could then have multiple rules in the same [realms]

That's solved my immediate problem, many, many thanks :-)

Met vreiendelijk groet; Owen. 

-----Original Message-----
From: Ken Raeburn [mailto:raeburn at MIT.EDU] 
Sent: maandag 21 mei 2007 16:49
To: Owen Carter
Cc: kerberos at MIT.EDU
Subject: Re: WHy is this common syntax failing?

On May 21, 2007, at 10:41, Owen Carter wrote:
> [realms]
> 	kdc = SERV1.mirabeau.nl
> 	admin_server = SERV1.mirabeau.nl
> 	auth_to_local = {
> 		RULE:[2:$1](johndoe)s/^.*$/guest/
> 		RULE:[2:$1;$2](^.*;admin$)s/;admin$//
> 		RULE:[2:$2](^.*;root)s/^.*$/root/
> 		 }
>         }
> When I did that, Kerberos stops working.

The documentation is wrong.  You need to use something like:

     auth_to_local = RULE:blahblahblah
     auth_to_local = RULE:stuffheretoo
     auth_to_local = DEFAULT

> (as a footnote; the error message could be much, much more  
> specific.. I mean, it doesn't even give a line number of where the  
> error is found in the file, let alone a true reason WHY it believes  
> the format is invalid.)

Yes, that would be a good improvement too....


More information about the Kerberos mailing list