Anybody know how to use auth_to_local with Redhat's Kerberos? - Kerberos

This is a discussion on Anybody know how to use auth_to_local with Redhat's Kerberos? - Kerberos ; I running Redhat 4 which uses Kerberos 1.3.4. I'm trying to get the "auth_to_local" rule working in the [realm] stanza. If I set auth_to_local = DEFAULT it works fine. But if I set it to auth_to_local = { DEFAULT } ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Anybody know how to use auth_to_local with Redhat's Kerberos?

  1. Anybody know how to use auth_to_local with Redhat's Kerberos?

    I running Redhat 4 which uses Kerberos 1.3.4. I'm trying to get the
    "auth_to_local" rule working in the [realm] stanza. If I set

    auth_to_local = DEFAULT

    it works fine. But if I set it to

    auth_to_local = { DEFAULT }

    it comes up but doesn't work. If I set it to

    auth_to_local = {
    DEFAULT
    }

    I get a syntax error and krb5kdc won't even come up. Any help would be
    appreciated. Thank you.



  2. Re: Anybody know how to use auth_to_local with Redhat's Kerberos?

    On Sep 14, 2006, at 21:34, Scott Simpson wrote:
    > I running Redhat 4 which uses Kerberos 1.3.4. I'm trying to get the
    > "auth_to_local" rule working in the [realm] stanza. If I set
    >
    > auth_to_local = DEFAULT
    >
    > it works fine.


    That looks like the correct usage.

    > But if I set it to
    >
    > auth_to_local = { DEFAULT }
    >
    > it comes up but doesn't work.


    Since "{ DEFAULT }" isn't a recognized type, this is probably
    generating an error in the aname-to-lname mapping code, which then is
    probably getting ignored in the interest of trying to make things
    work as well as possible.

    > If I set it to
    >
    > auth_to_local = {
    > DEFAULT
    > }
    >
    > I get a syntax error and krb5kdc won't even come up. Any help would be
    > appreciated. Thank you.


    That is indeed invalid syntax for the config file, so any program
    reading it is going to report an error.

    The braces aren't for grouping *values*, they're for introducing a
    deeper level in the hierarchy, and the line breaks are significant.
    The "{ DEFAULT }" case doesn't match the syntax for starting a new
    level, so the whole string is taken as a value. And "DEFAULT" on a
    line by itself isn't specifying a value for a tag; a line giving a
    value has to be of the form "foo = bar".

    Ken
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: Anybody know how to use auth_to_local with Redhat's Kerberos?


    "Ken Raeburn" wrote in message
    news:8F3A91F9-179E-4881-9EF5-04EAEC04B7AA@mit.edu...
    > The braces aren't for grouping *values*, they're for introducing a
    > deeper level in the hierarchy, and the line breaks are significant.
    > The "{ DEFAULT }" case doesn't match the syntax for starting a new
    > level, so the whole string is taken as a value. And "DEFAULT" on a
    > line by itself isn't specifying a value for a tag; a line giving a
    > value has to be of the form "foo = bar".


    OK. How do I put two rules in then like

    auth_to_local = {
    RULE:[2:$1](^root;.*)s/^.*$/root/
    DEFAULT
    }

    but without the braces? There is an example with very similar syntax at
    http://web.mit.edu/kerberos/krb5-1.3...rb5-admin.html (search
    for auth_to_local). That is why I'm confused about why the braces don't
    work.
    Scott



  4. Re: Anybody know how to use auth_to_local with Redhat's Kerberos?



    Scott Simpson wrote:
    > "Ken Raeburn" wrote in message
    > news:8F3A91F9-179E-4881-9EF5-04EAEC04B7AA@mit.edu...
    >
    >>The braces aren't for grouping *values*, they're for introducing a
    >>deeper level in the hierarchy, and the line breaks are significant.
    >>The "{ DEFAULT }" case doesn't match the syntax for starting a new
    >>level, so the whole string is taken as a value. And "DEFAULT" on a
    >>line by itself isn't specifying a value for a tag; a line giving a
    >>value has to be of the form "foo = bar".

    >
    >
    > OK. How do I put two rules in then like
    >
    > auth_to_local = {
    > RULE:[2:$1](^root;.*)s/^.*$/root/
    > DEFAULT
    > }
    >


    Try:

    auth_to_local = RULE:[2:$1](^root;.*)s/^.*$/root/
    auth_to_local = DEFAULT


    > but without the braces? There is an example with very similar syntax at
    > http://web.mit.edu/kerberos/krb5-1.3...rb5-admin.html (search
    > for auth_to_local). That is why I'm confused about why the braces don't
    > work.
    > Scott
    >
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    --

    Douglas E. Engert
    Argonne National Laboratory
    9700 South Cass Avenue
    Argonne, Illinois 60439
    (630) 252-5444
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread