On 7/30/2010 11:06 AM, Andrew Deason wrote: > On Thu, 29 Jul 2010 10:21:41 -0400 > Jeffrey Altman <[email protected]> wrote: > >> It is roughly correct. The cell name is not transmitted as part of the >> RPC to the pt server but when the foreign cell group entry is >> constructed the name ends up exceeding the limit. > > The ptserver doesn't allow user names to be longer than PR_MAXNAMELEN > minus the length of the local cell name, which I think is the check > that's failing... (CorrectUserName). This additional restriction is so > the user can be used as a foreign user name in another cell, though; > shouldn't we bypass that check for foreign users? We're not ever going > to need to create a > [email protected]@informatik.uni-goettingen.de, right?
This check is wrong for two reasons:
(1) The case you identified
(2) In modern usage of AFS, the foreign cell name is actually a
non-local realm name which does not need to match the cell name.
I think the test should be:
if (localname) {
for each (localrealm) {
verify lengthof(n...@localrealm) <= PR_MAXNAMELEN
}
} else {
verify lengthof(foreign-name) <= PR_MAXNAMELEN
}
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
