| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 |
- .\" Man page generated from reStructuredText.
- .
- .TH "K5IDENTITY" "5" " " "1.20.1" "MIT Kerberos"
- .SH NAME
- k5identity \- Kerberos V5 client principal selection rules
- .
- .nr rst2man-indent-level 0
- .
- .de1 rstReportMargin
- \\$1 \\n[an-margin]
- level \\n[rst2man-indent-level]
- level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
- -
- \\n[rst2man-indent0]
- \\n[rst2man-indent1]
- \\n[rst2man-indent2]
- ..
- .de1 INDENT
- .\" .rstReportMargin pre:
- . RS \\$1
- . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
- . nr rst2man-indent-level +1
- .\" .rstReportMargin post:
- ..
- .de UNINDENT
- . RE
- .\" indent \\n[an-margin]
- .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .nr rst2man-indent-level -1
- .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
- ..
- .SH DESCRIPTION
- .sp
- The .k5identity file, which resides in a user\(aqs home directory,
- contains a list of rules for selecting a client principals based on
- the server being accessed. These rules are used to choose a
- credential cache within the cache collection when possible.
- .sp
- Blank lines and lines beginning with \fB#\fP are ignored. Each line has
- the form:
- .INDENT 0.0
- .INDENT 3.5
- \fIprincipal\fP \fIfield\fP=\fIvalue\fP ...
- .UNINDENT
- .UNINDENT
- .sp
- If the server principal meets all of the field constraints, then
- principal is chosen as the client principal. The following fields are
- recognized:
- .INDENT 0.0
- .TP
- \fBrealm\fP
- If the realm of the server principal is known, it is matched
- against \fIvalue\fP, which may be a pattern using shell wildcards.
- For host\-based server principals, the realm will generally only be
- known if there is a domain_realm section in
- krb5.conf(5) with a mapping for the hostname.
- .TP
- \fBservice\fP
- If the server principal is a host\-based principal, its service
- component is matched against \fIvalue\fP, which may be a pattern using
- shell wildcards.
- .TP
- \fBhost\fP
- If the server principal is a host\-based principal, its hostname
- component is converted to lower case and matched against \fIvalue\fP,
- which may be a pattern using shell wildcards.
- .sp
- If the server principal matches the constraints of multiple lines
- in the .k5identity file, the principal from the first matching
- line is used. If no line matches, credentials will be selected
- some other way, such as the realm heuristic or the current primary
- cache.
- .UNINDENT
- .SH EXAMPLE
- .sp
- The following example .k5identity file selects the client principal
- \fBalice@KRBTEST.COM\fP if the server principal is within that realm,
- the principal \fBalice/root@EXAMPLE.COM\fP if the server host is within
- a servers subdomain, and the principal \fBalice/mail@EXAMPLE.COM\fP when
- accessing the IMAP service on \fBmail.example.com\fP:
- .INDENT 0.0
- .INDENT 3.5
- .sp
- .nf
- .ft C
- alice@KRBTEST.COM realm=KRBTEST.COM
- alice/root@EXAMPLE.COM host=*.servers.example.com
- alice/mail@EXAMPLE.COM host=mail.example.com service=imap
- .ft P
- .fi
- .UNINDENT
- .UNINDENT
- .SH SEE ALSO
- .sp
- kerberos(1), krb5.conf(5)
- .SH AUTHOR
- MIT
- .SH COPYRIGHT
- 1985-2022, MIT
- .\" Generated by docutils manpage writer.
- .
|
