Lines with "=" in krb5.conf
Weijun Wang
weijun.wang at oracle.com
Sat Jan 19 05:40:31 EST 2019
I contacted the bug reporter personally and he confirmed it was a false report. Thanks everyone.
--Max
> On Jan 16, 2019, at 7:55 PM, Alexandr Nedvedicky <alexandr.nedvedicky at oracle.com> wrote:
>
> Hello,
>
> ignore my earlier email. I should ask an optician for glasses.
> 1.17 and latest docs are consistent in description of auth_to_local.
> entirely my fault.
>
> regards
> sasha
>
> On Wed, Jan 16, 2019 at 09:43:38AM +0100, Alexandr Nedvedicky wrote:
>> Hello,
>>
>> On Wed, Jan 16, 2019 at 12:28:54AM -0500, Greg Hudson wrote:
>>> On 1/15/19 9:12 AM, Weijun Wang wrote:
>>>> [realms]
>>>>     ATHENA.MIT.EDU = {
>>>>         auth_to_local = {
>>>>             RULE:[2:$1](johndoe)s/^.*$/guest/
>>>>             RULE:[2:$1;$2](^.*;admin$)s/;admin$//
>>>>             RULE:[2:$2](^.*;root)s/^.*$/root/
>>>>             DEFAULT
>>>>         }
>>>>     }
>>>>
>>>> Is this legal? I tried it with the latest MIT krb5 and saw a "krb5kdc: Improper format of Kerberos configuration file while initializing krb5" error.
>>>>
>>>> Or does any other krb5 vendor support this format?
>>>
>>> I don't think so. MIT krb5 only expects relations (a = b) within a
>>> braced subsection, and my read of the Heimdal code is that it does as well.
>>
>> I believe the snippet pasted by Weijun comes from here:
>>
>> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html
>> [ search for auth_to_local ]
>>
>> however, for the 1.17 version the same paragraph uses the format as follows
>>
>> [realms]
>>     ATHENA.MIT.EDU = {
>>         auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
>>         auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
>>         auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
>>         auth_to_local = DEFAULT
>>     }
>>
>> So it looks like the krb5-latest doc is kind of confusing.
>
> sorry I oversought
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
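The rule stated in the thread (only relations of the form a = b inside a braced subsection) can be checked mechanically before a krb5.conf is deployed. The following is an added example, not code from this thread or from MIT krb5; `lint_profile` is a hypothetical helper that implements a simplified grammar (section headers, `#`/`;` comments, relations, braced subsections) and is run over the two layouts quoted above.

```python
import re

# Constructed inputs: the two auth_to_local layouts quoted in this thread.
BRACED_LIST = """\
[realms]
ATHENA.MIT.EDU = {
    auth_to_local = {
        RULE:[2:$1](johndoe)s/^.*$/guest/
        RULE:[2:$1;$2](^.*;admin$)s/;admin$//
        RULE:[2:$2](^.*;root)s/^.*$/root/
        DEFAULT
    }
}
"""
REPEATED_RELATIONS = """\
[realms]
ATHENA.MIT.EDU = {
    auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
    auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
    auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
    auth_to_local = DEFAULT
}
"""
SECTION = re.compile(r"^\[[^\]]+\]$")             # [realms]
RELATION = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")  # name = value, or name = {


def lint_profile(text):
    """Return [(line_no, message)] for lines this simplified grammar rejects."""
    problems, stack = [], []  # stack holds the names of open subsections
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or SECTION.match(line):
            continue  # blank line, comment, or section header
        if line == "}":
            if stack:
                stack.pop()
            else:
                problems.append((no, "unmatched closing brace"))
            continue
        m = RELATION.match(line)
        if not m:  # a bare value: no 'name =' in front of it
            where = "/".join(stack) or "top level"
            problems.append((no, f"not a relation (a = b) under {where}: {line}"))
        elif m.group(2) == "{":
            stack.append(m.group(1))
    if stack:
        problems.append((len(text.splitlines()), "unclosed subsection " + stack[-1]))
    return problems
print(lint_profile(BRACED_LIST), lint_profile(REPEATED_RELATIONS))
```

The braced-list layout is reported on its four bare lines, while the repeated-relation layout passes cleanly.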