[6513] in Kerberos
Re: maximum principal length?
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon Jan 22 11:20:32 1996
Date: Mon, 22 Jan 96 11:02:10 EST
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: Mark London <MRL@pfc.mit.edu>
Cc: KERBEROS@MIT.EDU
In-Reply-To: [6503]
> I've searched the web without luck in trying to find out the answer to this
> question: What is the maximum principal length?

I do not believe the RFC specifies a maximum length, although I could
be wrong.

In the MIT krb5 implementation, the length is constrained by the
32-bit integers used as length indicators:

    typedef struct krb5_principal_data {
        krb5_magic magic;
        krb5_data realm;
        krb5_data FAR *data;    /* An array of strings */
        krb5_int32 length;
        krb5_int32 type;
    } krb5_principal_data;

    typedef struct _krb5_data {
        krb5_magic magic;
        int length;
        char FAR *data;
    } krb5_data;

The krb5_principal_data.data field is an array of name components
(separated by "/" in the text representation), so a principal can have
2^31 components (assuming the length isn't unsigned-safe, I have no
idea). Each component can be an "int" long, which is either 2^15 or
2^31 (or 2^63 I guess on some machines).

So I'd say at a minimum a krb5 principal can be 2^46 characters long,
not counting the realm. I'm quite sure the database and memory
storage would fail long before the protocol and principal-handling code
would. :-)

Gee, 2^46 is more than 40 bits, perhaps krb5 principal names should be
unexportable! :-)

Barry
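
Added example (not part of the original message and not MIT krb5 code): because the length fields quoted above are signed integers with no protocol-level cap, code that sizes a buffer for the "comp1/comp2@REALM" text form has to reject negative lengths and bound the running total itself. The ex_ names, the simplified structs, the unescaped text form and the 1024-byte cap are assumptions made for this sketch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the structs quoted in the message (magic and
 * type omitted). All ex_ names are hypothetical, not MIT krb5 API. */
typedef struct { int length; const char *data; } ex_data;
typedef struct {
    ex_data realm;
    const ex_data *data;  /* array of name components */
    int32_t length;       /* number of components */
} ex_principal;

/* Add n to *total unless the sum would exceed max (no wraparound). */
static int add_checked(size_t *total, size_t n, size_t max)
{
    if (n > max - *total) return -1;
    *total += n;
    return 0;
}

/* Size of "c1/c2/...@REALM" (no escaping). Returns the size, or -1 when a
 * signed length is negative or the total would exceed max. */
long ex_text_len(const ex_principal *p, size_t max)
{
    size_t total = 0;
    if (!p || p->length < 0 || p->realm.length < 0) return -1;
    if (p->length > 0 && !p->data) return -1;
    if (max > LONG_MAX) max = LONG_MAX;
    for (int32_t i = 0; i < p->length; i++) {
        if (p->data[i].length < 0) return -1;
        if (i > 0 && add_checked(&total, 1, max)) return -1;        /* '/' */
        if (add_checked(&total, (size_t)p->data[i].length, max)) return -1;
    }
    if (add_checked(&total, 1, max)) return -1;                     /* '@' */
    if (add_checked(&total, (size_t)p->realm.length, max)) return -1;
    return (long)total;
}

/* Constructed sample: host/<second component>@EXAMPLE.COM. Only the length
 * fields are read, so the claimed length need not match the string. */
long ex_demo(int component_len)
{
    ex_data comps[2] = { { 4, "host" }, { component_len, "db.example.com" } };
    ex_principal p = { { 11, "EXAMPLE.COM" }, comps, 2 };
    return ex_text_len(&p, 1024);
}

int main(void) { printf("%ld %ld %ld\n", ex_demo(14), ex_demo(INT_MAX), ex_demo(-1)); return 0; }
```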