Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
K5IDENTITY(5)			 MIT Kerberos			 K5IDENTITY(5)

NAME
       k5identity - Kerberos V5	client principal selection rules

DESCRIPTION
       The  .k5identity	 file,	which resides in a user's home directory, con-
       tains a list of rules for selecting a client principals	based  on  the
       server  being  accessed.	  These	 rules are used	to choose a credential
       cache within the	cache collection when possible.

       Blank lines and lines beginning with # are ignored.  Each line has  the
       form:
	  principal field=value	...

       If  the server principal	meets all of the field constraints, then prin-
       cipal is	chosen as the client principal.	 The following fields are rec-
       ognized:

       realm  If  the  realm  of  the server principal is known, it is matched
	      against value, which may be a  pattern  using  shell  wildcards.
	      For  host-based server principals, the realm will	generally only
	      be known if there	is a domain_realm section in krb5.conf(5) with
	      a	mapping	for the	hostname.

       service
	      If  the  server principal	is a host-based	principal, its service
	      component	is matched against value, which	may be a pattern using
	      shell wildcards.

       host   If  the server principal is a host-based principal, its hostname
	      component	is converted to	lower case and matched against	value,
	      which may	be a pattern using shell wildcards.

	      If  the  server  principal  matches  the constraints of multiple
	      lines in the .k5identity file,  the  principal  from  the	 first
	      matching	line is	used.  If no line matches, credentials will be
	      selected some other way, such as the realm heuristic or the cur-
	      rent primary cache.

EXAMPLE
       The following example .k5identity file selects the client principal al-
       ice@KRBTEST.COM if the server principal is within that realm, the prin-
       cipal  alice/root@EXAMPLE.COM  if  the  server host is within a servers
       subdomain, and the principal alice/mail@EXAMPLE.COM when	accessing  the
       IMAP service on mail.example.com:

	  alice@KRBTEST.COM	  realm=KRBTEST.COM
	  alice/root@EXAMPLE.COM  host=*.servers.example.com
	  alice/mail@EXAMPLE.COM  host=mail.example.com	service=imap

SEE ALSO
       kerberos(1), krb5.conf(5)

AUTHOR
       MIT

COPYRIGHT
       1985-2017, MIT

1.15.1								 K5IDENTITY(5)

NAME | DESCRIPTION | EXAMPLE | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=k5identity&sektion=5&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help