.k5identity(5) - phpMan

K5IDENTITY(5)                    MIT Kerberos                    K5IDENTITY(5)

NAME
       k5identity - Kerberos V5 client principal selection rules
DESCRIPTION
       The  .k5identity  file,  which resides in a user's home directory, con-
       tains a list of rules for selecting a client principals  based  on  the
       server  being  accessed.   These  rules are used to choose a credential
       cache within the cache collection when possible.
       Blank lines and lines beginning with # are ignored.  Each line has  the
       form:
          principal field=value ...
       If  the server principal meets all of the field constraints, then prin-
       cipal is chosen as the client principal.  The following fields are rec-
       ognized:
       realm  If  the  realm  of  the server principal is known, it is matched
              against value, which may be a  pattern  using  shell  wildcards.
              For  host-based server principals, the realm will generally only
              be known if there is a domain_realm section in krb5.conf(5) with
              a mapping for the hostname.
       service
              If  the  server principal is a host-based principal, its service
              component is matched against value, which may be a pattern using
              shell wildcards.
       host   If  the server principal is a host-based principal, its hostname
              component is converted to lower case and matched against  value,
              which may be a pattern using shell wildcards.
              If  the  server  principal  matches  the constraints of multiple
              lines in the .k5identity file,  the  principal  from  the  first
              matching  line is used.  If no line matches, credentials will be
              selected some other way, such as the realm heuristic or the cur-
              rent primary cache.
EXAMPLE
       The  following  example  .k5identity  file selects the client principal
       alice AT KRBTEST.COM if the server principal is  within  that  realm,  the
       principal alice/root AT EXAMPLE.COM if the server host is within a servers
       subdomain, and the principal alice/mail AT EXAMPLE.COM when accessing  the
       IMAP service on mail.example.com:
          alice AT KRBTEST.COM       realm=KRBTEST.COM
          alice/root AT EXAMPLE.COM  host=*.servers.example.com
          alice/mail AT EXAMPLE.COM  host=mail.example.com service=imap
SEE ALSO
       kerberos(1), krb5.conf(5)
AUTHOR
       MIT
COPYRIGHT
       1985-2017, MIT


1.15.1                                                           K5IDENTITY(5)