.K5LOGIN(5) | File Formats Manual | .K5LOGIN(5) |
NAME
.k5identity - Kerberos V5 client principal selection rules
DESCRIPTION
The .k5identity file, which resides in a user's home directory, contains a list of rules for selecting a client principal based on the server being accessed. These rules are used to choose a credential cache within the cache collection when possible. Blank lines and lines beginning with '#' are ignored. Each line has the form:
    principal field=value ...
If the server principal meets all of the field constraints, then
principal is chosen as the client principal. The following fields are
recognized:
- realm: If the realm of the server principal is known, it is matched against value, which may be a pattern using shell wildcards. For host-based server principals, the realm will generally only be known if there is a domain_realm section in krb5.conf with a mapping for the hostname.
- service: If the server principal is a host-based principal, its service component is matched against value, which may be a pattern using shell wildcards.
- host: If the server principal is a host-based principal, its hostname component is converted to lower case and matched against value, which may be a pattern using shell wildcards.
EXAMPLE
The following example .k5identity file selects the client principal alice@KRBTEST.COM if the server principal is within that realm, the principal alice/root@EXAMPLE.COM if the server host is within a servers subdomain, and the principal alice/mail@EXAMPLE.COM when accessing the IMAP service on mail.example.com.
    alice@KRBTEST.COM       realm=KRBTEST.COM
    alice/root@EXAMPLE.COM  host=*.servers.example.com
    alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
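
To check which client principal a rule set selects for a given server before deploying it, the matching described above can be modelled in a few lines. This is an added example, not code from the krb5 project; the function names are hypothetical, and three behaviours are assumptions the page does not state: the first matching line wins, an unknown realm fails a realm constraint, and an unrecognized or malformed field never matches.

```python
from fnmatch import fnmatchcase

# Constructed sample: the rules from the EXAMPLE section, plus a comment line.
SAMPLE = """\
# client principal      constraints
alice@KRBTEST.COM       realm=KRBTEST.COM
alice/root@EXAMPLE.COM  host=*.servers.example.com
alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
"""

def parse_rules(text):
    """Return [(principal, [(field, pattern), ...])] in file order."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and '#' lines are ignored
        principal, *constraints = line.split()
        fields = [tuple(c.split("=", 1)) for c in constraints]
        if any(len(f) != 2 for f in fields):
            continue  # assumption: skip a line with a malformed field
        rules.append((principal, fields))
    return rules

def field_matches(field, pattern, realm, service, host):
    """service/host are None for a server principal that is not host-based."""
    if field == "realm":
        # Assumption: an unknown realm (None) fails the constraint.
        return realm is not None and fnmatchcase(realm, pattern)
    if field == "service":
        return service is not None and fnmatchcase(service, pattern)
    if field == "host":
        # The hostname is lower-cased before matching; the pattern is not.
        return host is not None and fnmatchcase(host.lower(), pattern)
    return False  # assumption: an unrecognized field never matches

def select_principal(rules, realm=None, service=None, host=None):
    """Assumption: the first line whose constraints all match wins."""
    for principal, fields in rules:
        if all(field_matches(f, p, realm, service, host) for f, p in fields):
            return principal
    return None  # no rule applies

RULES = parse_rules(SAMPLE)
```

Running candidate servers through select_principal shows whether a wildcard such as host=*.servers.example.com hands the alice/root principal to more hosts than intended.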