How do I configure a default principal for kinit (acquiring Kerberos ticket)?

When using kinit to acquire a Kerberos ticket I have configured it to use a default realm, e.g. GERT.LAN by editing /etc/krb5.conf:

[libdefaults]
        default_realm = GERT.LAN

That's great since I don't have to supply that all the time on the command line.

⟫ kinit
[email protected]'s Password:

However, my local username gert does not match the remote username gertvdijk. Now I still have to supply the full principal name as an argument. If this were just kinit I could create a bash alias, but more Kerberos tools appear to try my local username. For example, Kredentials does not allow me to use a principal other than the default.

So, basically, what I want is to create a mapping between the local user gert and the remote principal [email protected].

Ironically, when using a more complicated setup with PAM I am able to achieve this. In krb5.conf:

[appdefaults]
        pam = {
                mappings = gert [email protected]
        }

But I don't want to use the Kerberos PAM module anymore, since I've locked myself out so many times by thinking the Kerberos server isn't reachable and trying to enter the local password...

So, long story short, is there a way to configure a default principal or a mapping from local usernames?


Solution 1:

The default principal can be set in ~/.k5identity:

$ cat .k5identity
[email protected]

Then kinit will use it as a default identity.