On 9 May 2009, at 16:29, Michael Joyner ᏩᏯ wrote:

Yes, there are dots. No slashes or other special characters.

By default, OpenAFS disallows principals with dots in them.

This is due to the way it translates principals with instances into pts names - essentially it does a Kerberos 5 -> Kerberos 4 name mapping, so that sxw/admin (for example) would become sxw.admin. In this case, the Kerberos principal sxw/admin is then indistinguishable from the sxw.admin principal - which is potentially dangerous. To play it safe, principals with a dot in the first component are simply disallowed.

If you are confident that there are (and will be) no principals in your domain which collide in this way, then you can disable this check by starting all of your servers with the -allow-dotted-principals option.

Cheers,

Simon.

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
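
The collision described in the message above can be checked for across a realm's principal list before turning on -allow-dotted-principals. This is an added example, not part of the original message and not OpenAFS code: the mapping function is a simplified model of the name translation the message describes (it assumes no escaped `/` or `@` in names), and the principal listing and the EXAMPLE.ORG realm are constructed.

```python
from collections import defaultdict

# Constructed sample: one principal per line, as a KDC listing would give.
SAMPLE_PRINCIPALS = """\
sxw/admin@EXAMPLE.ORG
sxw.admin@EXAMPLE.ORG
michael.joyner@EXAMPLE.ORG
jane@EXAMPLE.ORG
jane/admin@EXAMPLE.ORG
host/afs1.example.org@EXAMPLE.ORG
"""

def split_principal(principal):
    """Return (components, realm). Assumes no escaped '/' or '@'."""
    name, _, realm = principal.strip().rpartition("@")
    if not name:  # no realm part was given
        name, realm = realm, ""
    return name.split("/"), realm

def mapped_name(principal):
    """Simplified model of the mapping: 'sxw/admin' becomes 'sxw.admin'."""
    components, realm = split_principal(principal)
    return ".".join(components), realm

def has_dotted_first_component(principal):
    """True for principals the default check would refuse."""
    components, _ = split_principal(principal)
    return "." in components[0]

def find_collisions(principals):
    """Group principals by mapped name; keep groups with more than one member."""
    groups = defaultdict(set)
    for p in principals:
        groups[mapped_name(p)].add(p.strip())
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def audit(listing):
    principals = [line for line in listing.splitlines() if line.strip()]
    dotted = sorted(p for p in principals if has_dotted_first_component(p))
    return dotted, find_collisions(principals)

if __name__ == "__main__":
    dotted, collisions = audit(SAMPLE_PRINCIPALS)
    print("Dot in first component (refused by default):", dotted)
    for (name, realm), members in collisions.items():
        print(f"COLLISION on {name}@{realm}: {members}")
    if not collisions:
        print("No colliding principals found in this listing.")
```

An empty collision result only covers the principals in the listing at the time it was taken; the message's condition also applies to principals created later.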
