[1491] in Kerberos-V5-bugs
Re: Kerberos V5 beta5 / DCE interoperability problem
daemon@ATHENA.MIT.EDU (Joe Ramus)
Mon Jun 19 16:43:17 1995
Date: Mon, 19 Jun 95 13:40:00 PDT
From: ramus@nersc.gov (Joe Ramus)
To: pato@apollo.hp.com, tytso@MIT.EDU, KRB5-BUGS@MIT.EDU
Cc: DEEngert@anl.gov, sommerfeld@apollo.hp.com
For es.net applications, we want to use the DCE Security Service
to supply a Kerberos ticket and then use that to get access to AFS.
In most cases, AFS cell names are lower case.
It is my understanding that we need to have the DCE and AFS cell
names the same. We also plan to migrate our AFS cell to DCE/DFS which
again requires the same cell name (lower case).
I must have missed the point somewhere?
Why does MIT want to require "all upper case" in RFC 1510?
Why is it so difficult to allow both upper & lower case and to
distinguish between them?
It is reasonable to say that a "default" cell name is all upper case.
But it is unreasonable to exclude lower case cell names.
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
>>
>> Date: Mon, 19 Jun 1995 10:38:36 -0400
>> From: pato@apollo.hp.com (Joseph N. Pato)
>>
>> >The correct convention is that the cell name should be upper case. The
>> >fact that DCE enforces the cell name to be in lower case, and then
>> >forces the Kerberos realm name to match the cell name is a bug, which I
>> >think they might try to fix in DCE 1.2.
>>
>> The cell name can be either upper case or lower case. I do not expect this
>> to change any time in the future. We support a variety of global naming
>> services - each with their own peculiarities about the way a name can be
>> expressed. There is no guarantee that upper-case-only names are legal.
>>
>> Are you sure about this? I was assured that DCE forcibly lowercases the
>> cellname. In fact, as I recall someone from HP (I'm pretty sure it was
>> you) protested approximately 6 months ago when Cliff proposed making an
>> Errata to the RFC which would force the realm names to be uppercase
>> (everything else would then be nonstandard). The reason that was given
>> for our not doing this was because DCE wouldn't support lower case realm
>> names at all, no matter how hard an administrator tried to make it be
>> all upper case.
>>
>> Doug, Bill, would you like to comment on whether this is true?
>>
>> In any case, the deployed base uses all uppercase, and if it is true
>> that DCE can use all upper case realm names, I will recommend to Cliff
>> that we in the upcoming revision to RFC 1510, that we specify that the
>> realm name MUST be in all upper case.
>>
>> - Ted
