1K5IDENTITY(5)                    MIT Kerberos                    K5IDENTITY(5)
2
3
4

NAME

6       k5identity - Kerberos V5 client principal selection rules
7

DESCRIPTION

9       The  .k5identity  file,  which resides in a user's home directory, con‐
10       tains a list of rules for selecting a client principals  based  on  the
11       server  being  accessed.   These  rules are used to choose a credential
12       cache within the cache collection when possible.
13
14       Blank lines and lines beginning with # are ignored.  Each line has  the
15       form:
16          principal field=value ...
17
18       If  the server principal meets all of the field constraints, then prin‐
19       cipal is chosen as the client principal.  The following fields are rec‐
20       ognized:
21
22       realm  If  the  realm  of  the server principal is known, it is matched
23              against value, which may be a  pattern  using  shell  wildcards.
24              For  host-based server principals, the realm will generally only
25              be known if there is a domain_realm section in krb5.conf(5) with
26              a mapping for the hostname.
27
28       service
29              If  the  server principal is a host-based principal, its service
30              component is matched against value, which may be a pattern using
31              shell wildcards.
32
33       host   If  the server principal is a host-based principal, its hostname
34              component is converted to lower case and matched against  value,
35              which may be a pattern using shell wildcards.
36
37              If  the  server  principal  matches  the constraints of multiple
38              lines in the .k5identity file,  the  principal  from  the  first
39              matching  line is used.  If no line matches, credentials will be
40              selected some other way, such as the realm heuristic or the cur‐
41              rent primary cache.
42

EXAMPLE

44       The  following  example  .k5identity  file selects the client principal
45       alice@KRBTEST.COM if the server principal is  within  that  realm,  the
46       principal alice/root@EXAMPLE.COM if the server host is within a servers
47       subdomain, and the principal alice/mail@EXAMPLE.COM when accessing  the
48       IMAP service on mail.example.com:
49
50          alice@KRBTEST.COM       realm=KRBTEST.COM
51          alice/root@EXAMPLE.COM  host=*.servers.example.com
52          alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
53

SEE ALSO

55       kerberos(1), krb5.conf(5)
56

AUTHOR

58       MIT
59
61       1985-2019, MIT
62
63
64
65
661.17                                                             K5IDENTITY(5)
Impressum