krb5.conf auth_to_local rules

Matt Crawford crawdad at
Mon Jul 15 11:57:00 EDT 2002

I used auto_to_local to ease a transition from one realm name to
another.  The first thing I discovered was that you can't select
based on realm name in a RULE.  The second thing was that if you put
in a $0 or $-1 or less, you can crash.

So I patch $0 to mean the realm and disallow negative component
selectors and distributed this:

		# ...
		auth_to_local = RULE:[1:$1@$0](.*@NEW\.REALM)s/@.*//
		auth_to_local = DEFAULT
		# ...
		auth_to_local = RULE:[1:$1@$0](.*@OLD\.REALM)s/@.*//
		auth_to_local = DEFAULT

More information about the krbdev mailing list