> Old rxkad fileservers convert krb5 names to a krb4 "name" and
> "instance" according to a semi-obscure set of hardcoded rules in
> rxkad, join them with '.' (unless the instance is null), then append
> '@' and the downcased realm (unless it is a "local" realm). The
> resulting string is passed to PR_NameToID, and what _that_ does is
> not currently specified.

I can say that I _am_ confused about how the name I have in a krb v5 keytab, host/[email protected], gets converted to rcmd.computer for use in pts. But web/[email protected] gets converted to web.computer.example.com. There is this section about conversion of names in krb5.conf but I do not know which programs actually use it and if it is used for this conversion at all (as stuff is hardcoded somewhere, too).

> Note that I'm not proposing changing rxkad's existing interface,
> which returns a separate name, instance, and cell. I'm only
> proposing changing the form of the binary authname blob that would
> be returned when the _new_ interface is used.

Whatever we do, I'd like to see that the solution does _not_ result in something that is like the current mess where only a few people in the world know what is converted where and how. All the others follow the "we have always done it like this and then it works and don't ask questions" line.

Harald.
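The conversion discussed in this message, as an added sketch that is not part of the original message and is not rxkad code. The join and realm steps follow the quoted description; the rule table is an assumption that models only the two cases reported above (host becomes rcmd with the instance cut at the first dot, other names pass through), and the function names, the EXAMPLE.COM and OTHER.ORG realms and the sample principals are constructed.

```python
# Added illustration; not rxkad source code.
# ASSUMPTION: only the two behaviours reported in the message are modelled.
# rxkad's real hardcoded rule table is not reproduced on this page.
SERVICE_RULES = {
    # krb5 first component -> (krb4 name, cut instance at first dot?)
    "host": ("rcmd", True),
}


def split_principal(principal):
    """Split 'name[/instance]@REALM' into (name, instance, realm)."""
    body, sep, realm = principal.rpartition("@")
    if not sep or not body or not realm:
        raise ValueError("expected name[/instance]@REALM: %r" % principal)
    name, _, instance = body.partition("/")
    if not name or "/" in instance:
        # ASSUMPTION for this sketch: only one- and two-component names map.
        raise ValueError("cannot map to krb4 name/instance: %r" % principal)
    return name, instance, realm


def to_pts_name(principal, local_realms):
    """Build the string that would be handed to PR_NameToID."""
    name, instance, realm = split_principal(principal)
    k4name, cut_domain = SERVICE_RULES.get(name, (name, False))
    if cut_domain:
        instance = instance.split(".", 1)[0]
    # Join with '.' unless the instance is null.
    result = k4name if not instance else k4name + "." + instance
    # Append '@' and the downcased realm unless the realm is local.
    if realm not in local_realms:
        result += "@" + realm.lower()
    return result


if __name__ == "__main__":
    local = {"EXAMPLE.COM"}  # constructed local realm
    for p in ("host/computer.example.com@EXAMPLE.COM",
              "web/computer.example.com@EXAMPLE.COM",
              "alice@EXAMPLE.COM",
              "alice/admin@OTHER.ORG"):
        print("%-42s -> %s" % (p, to_pts_name(p, local)))
```

Running such a mapping over every principal in a keytab before creating pts entries shows which names the fileserver would actually look up.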
