On Sep 14, 2006, at 21:34, Scott Simpson wrote:
> I running Redhat 4 which uses Kerberos 1.3.4. I'm trying to get the
> "auth_to_local" rule working in the [realm] stanza. If I set
>
> auth_to_local = DEFAULT
>
> it works fine.

That looks like the correct usage.

> But if I set it to
>
> auth_to_local = { DEFAULT }
>
> it comes up but doesn't work.

Since "{ DEFAULT }" isn't a recognized type, this is probably
generating an error in the aname-to-lname mapping code, which then is
probably getting ignored in the interest of trying to make things
work as well as possible.

> If I set it to
>
> auth_to_local = {
> DEFAULT
> }
>
> I get a syntax error and krb5kdc won't even come up. Any help would be
> appreciated. Thank you.

That is indeed invalid syntax for the config file, so any program
reading it is going to report an error.

The braces aren't for grouping *values*, they're for introducing a
deeper level in the hierarchy, and the line breaks are significant.
The "{ DEFAULT }" case doesn't match the syntax for starting a new
level, so the whole string is taken as a value. And "DEFAULT" on a
line by itself isn't specifying a value for a tag; a line giving a
value has to be of the form "foo = bar".

Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

"Ken Raeburn" wrote in message
news:8F3A91F9-179E-4881-9EF5-04EAEC04B7AA@mit.edu...
> The braces aren't for grouping *values*, they're for introducing a
> deeper level in the hierarchy, and the line breaks are significant.
> The "{ DEFAULT }" case doesn't match the syntax for starting a new
> level, so the whole string is taken as a value. And "DEFAULT" on a
> line by itself isn't specifying a value for a tag; a line giving a
> value has to be of the form "foo = bar".

OK. How do I put two rules in then like

auth_to_local = {
RULE:[2:$1](^root;.*)s/^.*$/root/
DEFAULT
}

but without the braces? There is an example with very similar syntax at
http://web.mit.edu/kerberos/krb5-1.3...rb5-admin.html (search
for auth_to_local). That is why I'm confused about why the braces don't
work.
Scott

Scott Simpson wrote:
> "Ken Raeburn" wrote in message
> news:8F3A91F9-179E-4881-9EF5-04EAEC04B7AA@mit.edu...
>
>>The braces aren't for grouping *values*, they're for introducing a
>>deeper level in the hierarchy, and the line breaks are significant.
>>The "{ DEFAULT }" case doesn't match the syntax for starting a new
>>level, so the whole string is taken as a value. And "DEFAULT" on a
>>line by itself isn't specifying a value for a tag; a line giving a
>>value has to be of the form "foo = bar".
>
>
> OK. How do I put two rules in then like
>
> auth_to_local = {
> RULE:[2:$1](^root;.*)s/^.*$/root/
> DEFAULT
> }
>

Try:

auth_to_local = RULE:[2:$1](^root;.*)s/^.*$/root/
auth_to_local = DEFAULT


> but without the braces? There is an example with very similar syntax at
> http://web.mit.edu/kerberos/krb5-1.3...rb5-admin.html (search
> for auth_to_local). That is why I'm confused about why the braces don't
> work.
> Scott
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--

Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos