[1487] in Kerberos-V5-bugs
Re: Kerberos V5 beta5 / DCE interoperability problem
daemon@ATHENA.MIT.EDU (Joseph N. Pato)
Mon Jun 19 10:40:38 1995
Date: Mon, 19 Jun 1995 10:38:36 -0400
To: Theodore Ts'o <tytso@MIT.EDU>
From: pato@apollo.hp.com (Joseph N. Pato)
Cc: KRB5-BUGS@MIT.EDU
>The correct convention is that the cell name should be upper case. The
>fact that DCE enforces the cell name to be in lower case, and then
>forces the Kerberos realm name to match the cell name is a bug, which I
>think they might try to fix in DCE 1.2.
>
>While I won't deliberately break lower-case realm names, I'm not going
>to go out of my way to support them, either. There are also programs
>that try to deliver intelligent defaults that fail because DCE violates
>the Kerberos convention.
>
> - Ted
Ted,
The cell name can be either upper case or lower case. I do not expect this
to change any time in the future. We support a variety of global naming
services - each with their own peculiarities about the way a name can be
expressed. There is no guarantee that upper-case-only names are legal.
Since the realm name is defined to be case correct and lower-case names are
not explicitely ruled out, I think it is a mistake for you not to fix bugs
that are related to the assumption that a realm name is always in upper
case.
Intelligent defaults, on the other hand, are perfectly reasonable. Since
your code is generally embedded in a DNS world where upper-case names are
the norm, there is no reason why the defaults should be anything other than
upper-case. This is very different from avoiding the support of lower case
names.
- joe
