On 07/16/2015 05:46 PM, Lars Kellogg-Stedman wrote: > Is it possible to configure my local Kerberos environment such that when I > type 'kinit' with no additional parameters, it will use something other than > '<my_local_username>@<default_kerberos_domain>'?
No, we don't have a configurable mapping from local name to Kerberos principals. If we did, every tool which gets initial tickets (not just kinit) would need to be modified to use it. At least some versions of pam_krb5 have some mapping options. See the alt_auth_map and search_k5login options here: http://www.eyrie.org/~eagle/software/pam-krb5/pam-krb5.html > My username on my local workstation differs from my organizational Kerberos > principal name. I'm currently using an explicit 'kinit > myprinci...@corp.com', but this doesn't integrate well with system tools > that might otherwise enable me to automatically acquire a token on login and > take care of renewing it for me. > > The documentation for both 'auth_local_names' and 'k5identity' seemed > promising, but neither appears to do what I want. Right. aname-to-lname goes in the other direction, and k5identity is about picking which of several Kerberos principals to use. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos