[570] in Kerberos-V5-bugs
Re: More Concerns Over The Case of The Realm Names
daemon@ATHENA.MIT.EDU (John Gilmore)
Fri Jul 8 20:09:57 1994
To: tytso@MIT.EDU (Theodore Ts'o)
Cc: "Doug Engert" <DEEngert@anl.gov>, auth-pilot@es.net, bcn@ISI.EDU,
krb5-bugs@MIT.EDU, gnu@cygnus.com
In-Reply-To: Your message of "Fri, 08 Jul 1994 13:02:40 EDT."
<9407081702.AA11896@tsx-11.MIT.EDU>
Date: Fri, 08 Jul 1994 17:09:29 -0700
From: John Gilmore <gnu@cygnus.com>
I agree with everyone who isn't a Kerberos oldtimer.
That is, uppercase realm names are a botch.
Cygnus provided Kerberos support to the Usenix terminal room for the
last two conferences. The most common problem encountered at Winter
Usenix (when I was there) was that peoples' realm names were in the
wrong case.
New adopters of K5 (of which there will be many, we hope) should
use whatever convention they like. They will probably like lowercase.
Is there a good reason that realm names are defined to be
case-sensitive? We could avoid the entire debate by simply making
them case-insensitive, like host names or email addresses. (This has
a few problems in non-English alphabets, but with proper use of
toupper/tolower rather than "x^040", it is solvable.)
The second most common terminal-room problem was that peoples' realm
names were not in the *%^*&&$## ascii text file ""database"". After
we get the realm name problem resolved, it'll be time to define a
standard way to put host->realm and realm->kdc mappings into the DNS.
There's no reason to panic or flame over this stuff, it's the usual
result of a user interface designed by programmers. It gets a lot
more obvious what to improve, after you see some naive users stumble
on the same things time after time. (And at Usenix, these are naive
*Unix wizards*!!!)
John Gilmore
PS: Yes, it need to be clear that a hostname is not a realm name.
However, hst_realm.c defines a default MAPPING between hostnames and
realm names (which a config file can override). Why shouldn't the
default mapping be a convenient one for the humans?
