On Wed, 13 Aug 2014 23:07:03 -0400, Greg Hudson wrote: > So you need something like: > > [realms] > EXAMPLE.COM = { > auth_to_local = RULE:[1:$1@$0](.*@MYREALM.COM)s/@MYREALM.COM$// > auth_to_local = DEFAULT > }
Amazing, it works! Greg, you're a genius... or just happen to know these things. I would never have come up with this on my own. Although I did encounter an example of someone using $0, they were doing something else with it and perhaps I didn't understand enough of what was going on. Some other notes. Regarding the Apache configuration, for this to work I don't have to include MYREALM.COM in the KrbAuthRealms list -- just the default realm. No realm name parts in the 'require user' list either. Lastly, I was initially afraid that this would affect Kerberos authentication for other services, such as SSH, but apparently not, so I'm thus far very pleased with this configuration. Thanks, Greg, and Russ! Cheers, Jaap ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos