EXTERNAL: Re: Regex/PCRE support for auth_to_local RULEs

Protulipac, Michael michael.protulipac at pnc.com
Tue Sep 12 11:08:17 EDT 2017


Thanks for the response and consideration.  I understand the reluctance to add the PCRE dependency.  I would be happy help any way I can in regards to case folding support... provide information and/or testing etc.

I am not sure there is a huge appetite in writing our own module (being part of a bank, they typically frown on rolling/supporting our own) but nonetheless, looks to be an avenue.

Thanks,

Mike

-----Original Message-----
From: Greg Hudson [mailto:ghudson at mit.edu] 
Sent: Tuesday, September 12, 2017 10:30 AM
To: Protulipac, Michael <michael.protulipac at pnc.com>; kerberos at mit.edu
Subject: EXTERNAL: Re: Regex/PCRE support for auth_to_local RULEs

On 09/11/2017 10:50 AM, Protulipac, Michael wrote:
> It does not seem to be trivial to change this on the AD or windows client side.  Has the Kerberos team considered adding PCRE support to the RULE functionality or have another method to deal with windows/linux integrations (system that is case aware to one that is case aware and sensitive)?  Are there any alternatives/options/other paths we could entertain?

I don't think we'd want to add a dependency on the PCRE library from libkrb5, but I'm open to adding case-folding support in one form or another.  (I'm not immediately sure how it should work in detail.)

One alternative option (in 1.12 or later) is to create, install, and register a localauth module:

http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html
http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/general.html
http://web.mit.edu/kerberos/krb5-latest/doc/admin/host_config.html#plugin-config



The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. This message may be considered a commercial electronic message under Canadian law or this message may contain an advertisement of a product or service and thus may constitute a commercial electronic mail message under US law. You may unsubscribe at any time from receiving commercial electronic messages from PNC at http://pages.e.pnc.com/globalunsub/
PNC, 249 Fifth Avenue, Pittsburgh, PA 15222; pnc.com





More information about the Kerberos mailing list