Actually the statement should be rewritten first. The eight character limit
is valid for most unix systems where the "AFS user name" is also going to be
a "unix account". If it is not, as in "rsw.admin" where the "unix account"
account is "rsw", then the "63 numbers and lowercase letters" is fine.
Concerning the special character ".", this is a special character to
Kerberos which denotes a "principle and instance pair". This does not appear
to be well understood by some of the Transarc folks, since AFS (Andrew) as
it was designed did not have much use for the "Kerberos instance". However
for those who use the kaserver for more then just filesystem authentication,
as how Kerberos was designed, it is an expected function of the Kerberos
server.
Fortunately the "kaserver" performs most of the "MIT kerberos server"
functions correctly, so a single kerberos server can be used for both Andrew
filesystem, and MIT principal and instance, authentication. It may be that
the "uss" program is flawed in its' ability to handle "principle and
instance pair". We like many sites roll our own account maintance
applications using the basic AFS and/or MIT Kerberos utilities or library
functions so never had cause to gripe about it. Transarc has done a pretty
good job of fixing a number of kerberos interoperability problems. In fact
fixing these was what allowed us to migrate our historicaly MIT kerberos
site, with NFS, to AFS in the first place. This should be the continued
direction if changes are to be made.
Randall
On Thu, 15 Jan 1998 [EMAIL PROTECTED] wrote:
: I notice that the AFS Command Reference page for `pts createuser' says
: that an AFS user name
:
: may contain up to 63 numbers and lowercase letters. [...the second
: sentence suggests making them eight characters or less...] Also,
: do not include any characters consdiered special in UNIX,
: particularly the colon and period.
:
: I have made a note to include this statement on the pages for `kas
: create' and `uss add' also, in the AFS 3.5 documentation. I will also
: try to obtain an exact list of the prohibited "special characters."
:
: Tony Mauro
: Transarc File Systems documenter
:
