[OpenAFS] Re: is there any good reason to use capialized names for new realms?
Russ Allbery
rra@stanford.edu
Wed, 25 Jan 2006 13:15:35 -0800
Adam Megacz <megacz@cs.berkeley.edu> writes:
> Russ Allbery <rra@stanford.edu> writes:
>> Yes, there's a lot of software out there that assumes all realm names
>> are in uppercase. It's possible to use lowercase realms (stanford.edu
>> is a lowercase realm), but learn from our mistake and don't do it.
>> It's not worth it.
> I'd actually be really interested in knowing more about what broke. Are
> there any non-ancient libkrb's that include this assumption, or is it
> just some poorly written applications?
It's not that anything necessarily *broke* (although I think some versions
of desktop Kerberos had difficulty, although that may have been with our
K4 vs. K5 realm mismatch). As I said, we're using it, and it does work.
It's that it's not the default, so you have to do a bunch more
configuration work. For instance, I think your AFS cell will need special
configuration to tell it what realm it's associated with, automatic
derivations of realm names from system names will fail and you'll need to
configure special mappings, etc.
> I dunno, if anything, the fact that you're running an entire university
> on a lowercase realm is encouraging rather than discouraging... ;)
Well, all I can tell you is that we regret having done it and if we could
change to all uppercase, we would. Once you've picked a realm name and
deployed it, you're pretty much committed, and changing later is damn near
impossible. So it's worth being extremely conservative.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>