Simon Wilkinson wrote: > > On 9 May 2009, at 16:29, Michael Joyner ᏩᏯ wrote: >>> >> Yes, there are dots. no slashes or other special characters. > > By default, OpenAFS disallows principals with dots in them. > > This is due to the way it translates principals with instances into > pts names - essentially it does a Kerberos 5 -> Kerberos 4 name > mapping, so that sxw/admin (for example) would become sxw.admin. In > this case, the Kerberos principal sxw/admin is then indistinguishable > from the sxw.admin prinicpal - which is potentially dangerous. To play > it safe, principals with a dot in the first component are simply > disallowed. > > If you are confident that there are (and will be) no principals in > your domain which collide in this way, then you can disable this check > by starting all of your servers with the -allow-dotted-principals option. > > Cheers, > > Simon. > Is it even possible to setup principals with '/' in their names on W2K8 ?
-- LyX: http://www.lyx.org/ OpenOffice: http://www.openoffice.org/ Inkscape: http://www.inkscape.org/ Scribus: http://www.scribus.net/ GIMP: http://www.gimp.org/ PDF: http://www.pdfforge.org/
signature.asc
Description: OpenPGP digital signature
