> >> Actually ... I believe that MIT v4 only allows _one_ period (without
> >> any escapes). A minor nit, true ... but it could be crucial :-)
> >
> >I'm not sure what you mean by "allows" here. We ran an MIT kerberos
> >server for many years before we converted to V5 last summer. We always
> >use long hostnames in rcmd principals, so we had lots of principals
> >whose instances contained dots. I suppose you could theoretically
> >have a principal name which contained a dot, but it wouldn't be very
> >useful, as all of the tools and a some library routines assume that the
> >name part ends at the first dot.
>
> Whoops, I was basing this information on my extremely limited V4
> experience, in that Eudora would quote periods in V4 instance names
> if you told it to use the FQDN as the instance. But I looked at the
> V4 code, and you're right ... the first dot is the only one that matters.
>
> _However_ ... the principal conversion code in MIT Kerberos 5
> assumes that your V4 instance names are "short". I don't know how
> it behaves if you're using FQDNs for instances with V4. So beware
> if you're planning on migrating.
Actually, we did migrate, and it works just fine. The database
conversion code does the "right" thing if the instance already
contains a dot, which is to copy the instance name as-is without
any conversion. Similarly, the KDC does the right thing when
processing requests from V4 clients - requests that use a short
instance name are converted (if the service is 'rcmd', or one of
a couple others that are subject to conversion), but requests
that use a long instance name are left as-is.
Anyway, this shouldn't matter to most people, because using
rcmd principals with long hostnames is nonstandard and apparently
quite uncommon - AFAIK, ours was the only V4 realm where hosts are
routinely given rcmd principals with long hostnames. Several
other organizations were kind enough to make their V4 applications
(primarily telnet) try long-form rcmd service names for compatibility
with us.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
