Regex/PCRE support for auth_to_local RULEs

Greg Hudson ghudson at mit.edu
Tue Sep 12 10:29:59 EDT 2017


On 09/11/2017 10:50 AM, Protulipac, Michael wrote:
> It does not seem to be trivial to change this on the AD or windows client side.  Has the Kerberos team considered adding PCRE support to the RULE functionality or have another method to deal with windows/linux integrations (system that is case aware to one that is case aware and sensitive)?  Are there any alternatives/options/other paths we could entertain?

I don't think we'd want to add a dependency on the PCRE library from
libkrb5, but I'm open to adding case-folding support in one form or
another.  (I'm not immediately sure how it should work in detail.)

One alternative option (in 1.12 or later) is to create, install, and
register a localauth module:

http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html
http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/general.html
http://web.mit.edu/kerberos/krb5-latest/doc/admin/host_config.html#plugin-config


More information about the Kerberos mailing list