[OpenAFS-devel] Krb5-only and KeyFile?
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 06 Jun 2005 13:53:09 -0400
On Monday, June 06, 2005 01:38:02 PM -0400 Ken Hornstein
<kenh@cmf.nrl.navy.mil> wrote:
>> Right now, this mapping is fixed and is fairly simple:
>>
>> - for single-component names (V4 or V5), we use the one component
>> - for two-component V4 names, we use the two components separated by
>> dots. - for two-component V5 names, we use the two components separated
>> by dots, except that host/foo is converted to rcmd.foo, and for some 40
>> services the second component is truncated at the first dot (*)
>> - names with more than two components are rejected
>> - if the realm is not one of the server's local realms, we add @realm,
>> with the realm coerced to lower case.
>
> You forgot one:
>
> - If the first component has a dot in it, the rxkad module will reject
> the name. This will hose you hard if you have names with a dot in
> them and you switch from a V4-converted ticket to a rxkad-2b ticket.
> (Yes, I learned this the hard way).
Indeed, I stopped reading just above that test.