question on auth_to_user
Kyley Engle
kyley_engle at hotmail.com
Thu May 20 15:26:22 EDT 2010
I'm trying to set up rules using the auth_to_user option inside of a realm definition in my krb5.conf file. I've not had any luck find good, and accurate, documentation on that option. Basically, I need my host principals to authenticate without having them in the local password file.
What the principal ends up looking like to my apache server is class;fqdn, which fails authentication.
What I am trying to do is:
host/fqdn at REALM.COM should get translated to just fqdn, which can then authenticate just fine.
class/fqdn at REALM.COM should get translated to class/fqdn. basically, just dropping the realm portion
using this, I can munge the host principal the way I want.
[realms]
REALM.COM = {
kdc-1
kdc-2
auth_to_local = RULE:[2:$1;$2](^host;.*$)s/^host;//
auth_to_local = DEFAULT
}
however, if I try something like:
auth_to_local = RULE:[2:$1/$2](^.*;.*$)
it doesn't work. the / is the usual reserved character, and there does not seem to be a way to escape it. any suggestions? or am I approaching this in the wrong way?
-kyley
More information about the Kerberos
mailing list