On 7/30/2010 11:42 AM, Andrew Deason wrote: > Which... seems to be the cell name, not realm. I'm assuming this > originates from the time when cell == realm. For modern stuff we need to > iterate through afs_krb_get_lrealm and use the longest one, right? > > And "argh": what if the administrator configures another realm to be > 'local' and it has a longer name? I presume there's nothing we can do > about that... except perhaps documenting it?
My personal opinion is that it is not appropriate for cell A to second guess what cell B may or may not accept. I would remove this check entirely. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
