>> Actually ... I believe that MIT v4 only allows _one_ period (without
>> any escapes). A minor nit, true ... but it could be crucial :-)
>
>I'm not sure what you mean by "allows" here. We ran an MIT kerberos
>server for many years before we converted to V5 last summer. We always
>use long hostnames in rcmd principals, so we had lots of principals
>whose instances contained dots. I suppose you could theoretically
>have a principal name which contained a dot, but it wouldn't be very
>useful, as all of the tools and a some library routines assume that the
>name part ends at the first dot.
Whoops, I was basing this information on my extremely limited V4
experience, in that Eudora would quote periods in V4 instance names
if you told it to use the FQDN as the instance. But I looked at the
V4 code, and you're right ... the first dot is the only one that matters.
_However_ ... the principal conversion code in MIT Kerberos 5
assumes that your V4 instance names are "short". I don't know how
it behaves if you're using FQDNs for instances with V4. So beware
if you're planning on migrating.
--Ken
