k5identity man page on Mageia

Man page or keyword search:  
man Server   17783 pages
apropos Keyword Search (all sections)
Output format
Mageia logo
[printable version]

K5IDENTITY(5)			 MIT Kerberos			 K5IDENTITY(5)

NAME
       k5identity - Kerberos V5 client principal selection rules

DESCRIPTION
       The  .k5identity	 file,	which resides in a user's home directory, con‐
       tains a list of rules for selecting a client principals	based  on  the
       server  being  accessed.	  These	 rules are used to choose a credential
       cache within the cache collection when possible.

       Blank lines and lines beginning with # are ignored.  Each line has  the
       form:
	  principal field=value ...

       If  the server principal meets all of the field constraints, then prin‐
       cipal is chosen as the client principal.	 The following fields are rec‐
       ognized:

       realm  If  the  realm  of  the server principal is known, it is matched
	      against value, which may be a  pattern  using  shell  wildcards.
	      For  host-based server principals, the realm will generally only
	      be known if there is a domain_realm section in krb5.conf(5) with
	      a mapping for the hostname.

       service
	      If  the  server principal is a host-based principal, its service
	      component is matched against value, which may be a pattern using
	      shell wildcards.

       host   If  the server principal is a host-based principal, its hostname
	      component is converted to lower case and matched against	value,
	      which may be a pattern using shell wildcards.

	      If  the  server  principal  matches  the constraints of multiple
	      lines in the .k5identity file,  the  principal  from  the	 first
	      matching	line is used.  If no line matches, credentials will be
	      selected some other way, such as the realm heuristic or the cur‐
	      rent primary cache.

EXAMPLE
       The  following  example	.k5identity  file selects the client principal
       alice@KRBTEST.COM if the server principal is  within  that  realm,  the
       principal alice/root@EXAMPLE.COM if the server host is within a servers
       subdomain, and the principal alice/mail@EXAMPLE.COM when accessing  the
       IMAP service on mail.example.com:

	      alice@KRBTEST.COM	      realm=KRBTEST.COM
	      alice/root@EXAMPLE.COM  host=*.servers.example.com
	      alice/mail@EXAMPLE.COM  host=mail.example.com service=imap

SEE ALSO
       kerberos(1), krb5.conf(5)

AUTHOR
       MIT

COPYRIGHT
       1985-2013, MIT

1.11.4								 K5IDENTITY(5)
[top]

List of man pages available for Mageia

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net