Hi;
User question:
I'm using kerberos5 on a fully-updated Debian (4.0.3-3) install.
The system was configured months ago by someone else, and works at present,
[EMAIL PROTECTED] # kadmin
Authenticating as principal root/[EMAIL PROTECTED] with password.
...
But I wanted to add an auth_to_local definition to my /etc/krb5.conf file: So
that:
[realms]
MIRABEAU.NL = {
kdc = SERV1.mirabeau.nl
admin_server = SERV1.mirabeau.nl
}
Becomes:
[realms]
MIRABEAU.NL = {
kdc = SERV1.mirabeau.nl
admin_server = SERV1.mirabeau.nl
auth_to_local = {
RULE:[2:$1](johndoe)s/^.*$/guest/
RULE:[2:$1;$2](^.*;admin$)s/;admin$//
RULE:[2:$2](^.*;root)s/^.*$/root/
DEFAULT
}
}
When I did that, Kerberos stops working.
[EMAIL PROTECTED] # kadmin
kadmin: Improper format of Kerberos configuration file while initializing krb5
library
If I comment out the three rules:
MIRABEAU.NL = {
kdc = MIRA-DC1.mirabeau.nl
admin_server = MIRA-DC1.mirabeau.nl
auth_to_local = {
# RULE:[2:$1;$2](^.*;admin$)s/;admin$//
# RULE:[2:$2](^.*;root)s/^.*$/root/
# DEFAULT
}
}
Everything is again working; except that I don't get my auth_to_local rules of
course..
[EMAIL PROTECTED] # kadmin
Authenticating as principal root/[EMAIL PROTECTED] with password.
...
This example is direct from your site:
http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.3/doc/krb5-admin/realms--krb5.conf-.html#realms%20(krb5.conf)
What might I be doing wrong?
Or is it your documentation?
Are there hidden and undocumented caveats to this format?
Thanks,
(as a footnote; the error message could be much, much more specific.. I mean,
it doesn't even give a line number of where the error is found in the file, let
alone a true reason WHY it believes the format is invalid.)
Owen Carter
Software Configuratie Beheerder
Mirabeau | Development
H.J.E. Wenckebachweg 108
1096 AR Amsterdam
T: 020 5950550
F: 020 5950551
M: 062 9218409
W: www.mirabeau.nl
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
