Adam Chlipala <[EMAIL PROTECTED]> writes:
> underscore-free names. (This naming convention difference definitely
> gets on my nerves. I'm assuming that there's a good reason for doing
> it, based on docelic's decision to use it.)
Putting slashes in unix usernames will cause problems for programs
which assume that a unix username can be used as a path component.
Avoiding slashes was a wise decision.
There's an alternative, though. We currently use "foo.admin" rather
than "foo/admin" for AFS usernames. Kerberos assigns no special
meaning to "/" and "." -- it's just a convention that "/" is used for
instances.
I propose that we switch to "foo.admin", "foo.cgi", and
"foo.mailfilter", and plan on never using slashes in kerberos
principals [*]. Then our UNIX, Kerberos, and AFS identities will all
be identical.
If we're going to do it, we should do it soon, because it will
only get harder as time goes on.
- a
[*] except for "service principals", since some client programs assume
certain principal naming schemes -- for example, web browsers
assume the principal used on the server side to encrypt the HTTP
channel will be $HOSTNAME/[EMAIL PROTECTED] But in this case it's not
a problem since there will be no corresponding UNIX userid
anyways. The principals used by the AFS daemons are the same way,
but again it's not an issue.
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
