Hi Wlad, After thinking it over again, the maximum login name length in MariaDB, which is only 16 characters by default the same as in MySQL. I find this https://mariadb.atlassian.net/browse/MDEV-4332 in JIRA. Will the long username be well supported in subsequent releases?
A valid GNU/Linux username is a 32 character string (see useradd(8) man page). And a valid Kerberos principal name length is in between 1 and 256 inclusively. (see http://pic.dhe.ibm.com/infocenter/iseries/v6r1m0/index.jsp?topic=/cl/addkrbtkt.htm, I didn't find an official document) If we put a whole valid Kerberos principal name, I think it may cause problem someday for the unmatched name length. Do you think the username length a big constraints? Let me know your thought. Thanks! Sincerely, Shuang On Jun 21, 2013, at 9:58 AM, QIU Shuang <[email protected]> wrote: > Hi wlad, > > Thank you for your concern. > >> Create user >> 'foo@bar'@localhost creates user foo@bar, on localhost. > >> create user that is identified with name and domain and can connect >> from any computer > I admit that I mis-understood the usage of User@Host in MariaDB. > > I thought the User and Host fields in MariaDB are in the same place as those > in a Kerberos principal. > i.e. if my MariaDB login name is [email protected], then my Kerberos > principal will be > [email protected]/CHINA, where MariaDB login name is part of Kerberos > principal. > (if that case, the realm part is omitted in MariaDB, and we should find > another way to figure it out. > That's what I argued in my previous email.) > > From your reply, it seems [email protected]/[email protected], the bold part > is MariaDB User and italic part Host, > can be a valid login name in our project. > > Suddenly realise the Host in MariaDB login name will constraint the user > login place. > It's much clear now. > >> Re realm, I do not know this much but '[email protected]/REALM' also >> does not look too weird to me. > To me, either :). > >> Or perhaps I miss something still? Can you elaborate? > No, you're right. I confused these two names. > > Thank you for you hints! > Sincerely, Shuang > > > On Jun 20, 2013, at 2:22 AM, Vladislav Vaintroub <[email protected]> > wrote: > >> >> >> From: QIU Shuang [mailto:[email protected]] >> Sent: Mittwoch, 19. Juni 2013 19:52 >> To: Vladislav Vaintroub >> Subject: Re: [Maria-developers] [GSoC] Kerberize MariaDB -- some unclear >> point about the project >> >> >> Hi Shuang, >> >>>> Trying to make a nicer name, for example by removing domain part could >> introduce some ambiguity here and different Kerberos users to login as the >> same. >>> I think so. >>> But per my knowledge, the fully qualified name in MariaDB is >> username@hostname. >>> What about the realm/domain part? >>> I think this may be a gap between MariaDB and Kerberos. >> >> Maybe I oversee something, but I do not really see any contradiction here. >> Do you mean that @ is special character should not be used in usernames? It >> actually can, it just must be properly escaped. Create user >> 'foo@bar'@localhost creates user foo@bar, on localhost. >> Hypothetical CREATE USER '[email protected]' @'%' IDENTIFIED WITH >> 'Kerberos' >> >> will create user that is identified with name and domain and can connect >> from any computer (due to use of wildcard for computername part, this >> wildcard can be omitted). >> Re realm, I do not know this much but '[email protected]/REALM' also >> does not look too weird to me. >> >> Or perhaps I miss something still? Can you elaborate? >> >> Wlad >> >
_______________________________________________ Mailing list: https://launchpad.net/~maria-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-developers More help : https://help.launchpad.net/ListHelp
