> >If I'm understanding correctly what several people have pointed out,
> >standard Kerberos allows periods in user names.
>
> Actually ... I believe that MIT v4 only allows _one_ period (without
> any escapes). A minor nit, true ... but it could be crucial :-)
I'm not sure what you mean by "allows" here. We ran an MIT kerberos
server for many years before we converted to V5 last summer. We always
use long hostnames in rcmd principals, so we had lots of principals
whose instances contained dots. I suppose you could theoretically
have a principal name which contained a dot, but it wouldn't be very
useful, as all of the tools and a some library routines assume that the
name part ends at the first dot.
V5 deals with this in a different manner. In V5, a principal is named
by one or more slash-separated parts. The most common cases are those
with only one part (a username), or those with two parts, where the
second is a hostname, service instance, or user instance. No part can
contain a slash, but apparently a principal name can contain more than
one part. Caveat: I've never actually tried that; YMMV.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
