To accomodate more complex translations, you can create a hierarchical set of rules to add to the default. Each rule is divided into three parts: base, filter, and substitution.
- The Base: - The base begins with the number of components in the principal name (excluding the realm), followed by a colon, and the pattern for building the username from the sections of the principal name. In the pattern section - $0translates to the realm,- $1translates to the first component and- $2to the second component.- For example: - [1:$1@$0]translates- myusername@APACHE.ORGto- myusername@APACHE.ORG- [2:$1]translates- myusername/admin@APACHE.ORGto- myusername- [2:$1%$2]translates- myusername/admin@APACHE.ORGto “- myusername%admin
- The Filter: - The filter consists of a regex in a parentheses that must match the generated string for the rule to apply. - For example: - (.*%admin)matches any string that ends in- %admin- (.*@SOME.DOMAIN)matches any string that ends in- @SOME.DOMAIN
- The Substitution: - The substitution is a sed rule that translates a regex into a fixed string. - For example: - s/@ACME\.COM//removes the first instance of- @SOME.DOMAIN.- s/@[A-Z]*\.COM//removes the first instance of- @followed by a name followed by- COM.- s/X/Y/greplaces all of the- Xin the name with- Y


