Mercurial > repos > rliterman > csp2

comparison CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/share/man/man5/k5identity.5 @ 68:5028fdace37b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
author jpayne
date Tue, 18 Mar 2025 16:23:26 -0400
parents
children
comparison
equal deleted inserted replaced
67:0e9998148a16 68:5028fdace37b
1 .\" Man page generated from reStructuredText.
2 .
3 .TH "K5IDENTITY" "5" " " "1.20.1" "MIT Kerberos"
4 .SH NAME
5 k5identity \- Kerberos V5 client principal selection rules
6 .
7 .nr rst2man-indent-level 0
8 .
9 .de1 rstReportMargin
10 \\$1 \\n[an-margin]
11 level \\n[rst2man-indent-level]
12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
13 -
14 \\n[rst2man-indent0]
15 \\n[rst2man-indent1]
16 \\n[rst2man-indent2]
17 ..
18 .de1 INDENT
19 .\" .rstReportMargin pre:
20 . RS \\$1
21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
22 . nr rst2man-indent-level +1
23 .\" .rstReportMargin post:
24 ..
25 .de UNINDENT
26 . RE
27 .\" indent \\n[an-margin]
28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
29 .nr rst2man-indent-level -1
30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
32 ..
33 .SH DESCRIPTION
34 .sp
35 The .k5identity file, which resides in a user\(aqs home directory,
36 contains a list of rules for selecting a client principals based on
37 the server being accessed. These rules are used to choose a
38 credential cache within the cache collection when possible.
39 .sp
40 Blank lines and lines beginning with \fB#\fP are ignored. Each line has
41 the form:
42 .INDENT 0.0
43 .INDENT 3.5
44 \fIprincipal\fP \fIfield\fP=\fIvalue\fP ...
45 .UNINDENT
46 .UNINDENT
47 .sp
48 If the server principal meets all of the field constraints, then
49 principal is chosen as the client principal. The following fields are
50 recognized:
51 .INDENT 0.0
52 .TP
53 \fBrealm\fP
54 If the realm of the server principal is known, it is matched
55 against \fIvalue\fP, which may be a pattern using shell wildcards.
56 For host\-based server principals, the realm will generally only be
57 known if there is a domain_realm section in
58 krb5.conf(5) with a mapping for the hostname.
59 .TP
60 \fBservice\fP
61 If the server principal is a host\-based principal, its service
62 component is matched against \fIvalue\fP, which may be a pattern using
63 shell wildcards.
64 .TP
65 \fBhost\fP
66 If the server principal is a host\-based principal, its hostname
67 component is converted to lower case and matched against \fIvalue\fP,
68 which may be a pattern using shell wildcards.
69 .sp
70 If the server principal matches the constraints of multiple lines
71 in the .k5identity file, the principal from the first matching
72 line is used. If no line matches, credentials will be selected
73 some other way, such as the realm heuristic or the current primary
74 cache.
75 .UNINDENT
76 .SH EXAMPLE
77 .sp
78 The following example .k5identity file selects the client principal
79 \fBalice@KRBTEST.COM\fP if the server principal is within that realm,
80 the principal \fBalice/root@EXAMPLE.COM\fP if the server host is within
81 a servers subdomain, and the principal \fBalice/mail@EXAMPLE.COM\fP when
82 accessing the IMAP service on \fBmail.example.com\fP:
83 .INDENT 0.0
84 .INDENT 3.5
85 .sp
86 .nf
87 .ft C
88 alice@KRBTEST.COM realm=KRBTEST.COM
89 alice/root@EXAMPLE.COM host=*.servers.example.com
90 alice/mail@EXAMPLE.COM host=mail.example.com service=imap
91 .ft P
92 .fi
93 .UNINDENT
94 .UNINDENT
95 .SH SEE ALSO
96 .sp
97 kerberos(1), krb5.conf(5)
98 .SH AUTHOR
99 MIT
100 .SH COPYRIGHT
101 1985-2022, MIT
102 .\" Generated by docutils manpage writer.
103 .