{"id":4432,"date":"2022-12-20T17:49:16","date_gmt":"2022-12-20T20:49:16","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/k5identity-man5\/"},"modified":"2022-12-20T17:49:16","modified_gmt":"2022-12-20T20:49:16","slug":"k5identity-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/k5identity-man5\/","title":{"rendered":"K5IDENTITY (man5)"},"content":{"rendered":"<h1 align=\"center\">K5IDENTITY<\/h1>\n<p> <a href=\"#NAME\">NAME<\/a><br \/> <a href=\"#DESCRIPTION\">DESCRIPTION<\/a><br \/> <a href=\"#EXAMPLE\">EXAMPLE<\/a><br \/> <a href=\"#SEE ALSO\">SEE ALSO<\/a><br \/> <a href=\"#AUTHOR\">AUTHOR<\/a><br \/> <a href=\"#COPYRIGHT\">COPYRIGHT<\/a> <\/p>\n<hr>\n<h2>NAME <a name=\"NAME\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">k5identity \u2212 Kerberos V5 client principal selection rules<\/p>\n<h2>DESCRIPTION <a name=\"DESCRIPTION\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">The .k5identity file, which resides in a user&#8217;s home directory, contains a list of rules for selecting a client principals based on the server being accessed. These rules are used to choose a credential cache within the cache collection when possible.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Blank lines and lines beginning with <b>#<\/b> are ignored. Each line has the form:<\/p>\n<p style=\"margin-left:15%;\"><i>principal field<\/i>=<i>value<\/i> &#8230;<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">If the server principal meets all of the field constraints, then principal is chosen as the client principal. The following fields are recognized:<\/p>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"7%\">\n<p><b>realm<\/b><\/p>\n<\/td>\n<td width=\"4%\"><\/td>\n<td width=\"78%\">\n<p>If the realm of the server principal is known, it is matched against <i>value<\/i>, which may be a pattern using shell wildcards. For host\u2212based server principals, the realm will generally only be known if there is a domain_realm section in krb5.conf(5) with a mapping for the hostname.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<p style=\"margin-left:11%;\"><b>service<\/b><\/p>\n<p style=\"margin-left:22%;\">If the server principal is a host\u2212based principal, its service component is matched against <i>value<\/i>, which may be a pattern using shell wildcards.<\/p>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"6%\">\n<p><b>host<\/b><\/p>\n<\/td>\n<td width=\"5%\"><\/td>\n<td width=\"78%\">\n<p>If the server principal is a host\u2212based principal, its hostname component is converted to lower case and matched against <i>value<\/i>, which may be a pattern using shell wildcards.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<p style=\"margin-left:22%; margin-top: 1em\">If the server principal matches the constraints of multiple lines in the .k5identity file, the principal from the first matching line is used. If no line matches, credentials will be selected some other way, such as the realm heuristic or the current primary cache.<\/p>\n<h2>EXAMPLE <a name=\"EXAMPLE\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">The following example .k5identity file selects the client principal <b>alice@KRBTEST.COM<\/b> if the server principal is within that realm, the principal <b>alice\/root@EXAMPLE.COM<\/b> if the server host is within a servers subdomain, and the principal <b>alice\/mail@EXAMPLE.COM<\/b> when accessing the IMAP service on <b>mail.example.com<\/b>:<\/p>\n<pre style=\"margin-left:15%; margin-top: 1em\">alice@KRBTEST.COM realm=KRBTEST.COM alice\/root@EXAMPLE.COM host=*.servers.example.com alice\/mail@EXAMPLE.COM host=mail.example.com service=imap<\/pre>\n<h2>SEE ALSO <a name=\"SEE ALSO\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">kerberos(1), krb5.conf(5)<\/p>\n<h2>AUTHOR <a name=\"AUTHOR\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">MIT<\/p>\n<h2>COPYRIGHT <a name=\"COPYRIGHT\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">1985-2020, MIT<\/p>\n<hr>\n","protected":false},"excerpt":{"rendered":"<p>  k5identity \u2212 Kerberos V5 client principal selection rules <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1421,1291],"class_list":["post-4432","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-k5identity","tag-man5"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4432"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4432\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}