krb5.conf auth_to_local rules
Matt Crawford
crawdad at fnal.gov
Mon Jul 15 11:57:00 EDT 2002
I used auto_to_local to ease a transition from one realm name to
another. The first thing I discovered was that you can't select
based on realm name in a RULE. The second thing was that if you put
in a $0 or $-1 or less, you can crash.
So I patch $0 to mean the realm and disallow negative component
selectors and distributed this:
[realms]
OLD.REALM = {
# ...
auth_to_local = RULE:[1:$1@$0](.*@NEW\.REALM)s/@.*//
auth_to_local = DEFAULT
}
NEW.REALM = {
# ...
auth_to_local = RULE:[1:$1@$0](.*@OLD\.REALM)s/@.*//
auth_to_local = DEFAULT
}
More information about the krbdev
mailing list