[213] in Kerberos
re: mangled hesiod info
daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Sat Sep 5 12:00:44 1987
To: <chariot@ATHENA.MIT.EDU>
Cc: bugs@ATHENA.MIT.EDU, rtbugs@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU,
In-Reply-To: <chariot@ATHENA.MIT.EDU>'s message of Sat, 05 Sep 87 06:35:48 EDT
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> Hesiod is returning host names in upper case when asked for filsys
> entries. This causes attach on 5.0 RT's to fail with "NFS uidmap: krb
> error was Can't find ticket (get_credentials)<cr> NFS Kerberos
> authentication failed".

Let's be very careful about just how this one gets fixed; the wrong
fix will get us in deeper water very quickly.

The basic principles for dealing with upper and lower case from a
human engineering standpoint are:

1. People who store and pass along other people's data shouldn't
tamper with (coerce) it; they should store and pass along both upper
and lower case as they find it. Thus SMS stores and passes to Hesiod
and Hesiod returns to its client both upper and lower case
information. (Some customers require it, e.g., UNIX file names may
appear in returned Hesiod info).

2. People who USE data should coerce it to a standard form before
doing string comparisons. Thus Hesiod clients, after getting a
string of data from Hesiod, should coerce it before looking it up in
a local table (they should coerce the information found in the table,
too).

The UNIX file system (to its everlasting disgrace--Multics had proved
that it was a mistake by 1969 and the UNIX design team knew it)
explicitly violates this second principle. And there are too many
programs in the world that know about the violation and depend on it,
so it can't be changed now. The real challenge is to keep that
design mistake from spreading.

The specific bug report looks like a Kerberos library problem. Since
Kerberos uses the UNIX file system to store its tickets, it must be
very careful about the case-ness of the names it uses for the
purpose, so that it can find its own tickets later, if the user
happens to identify them using a different case. Since Kerberos uses
the service principal name to construct the ticket file name, for
consistency it should probably coerce that principal name to lower
case at both ticket creation time and at ticket lookup time.

Incidentally, does anyone know why just the 5.0 RT attach is failing?
Did case sensitivity in attach get somehow addressed in 5.4? Or is
there a case-sensitivity difference between the RT and VAX libraries?
Or perhaps the 5.4 VAX system is failing, too, but no examples have
turned up yet?

Jerry
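
Added example (not part of the original message and not Kerberos library code): the two principles above applied to a small in-memory ticket table, where names are stored as received and both the query and the stored name are folded to lower case only at comparison time. The table layout, function names and sample service names are hypothetical and constructed for illustration.

```c
/* Added illustration, not Kerberos library code; all names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_TICKETS 8
#define NAME_LEN 64

struct ticket { char service[NAME_LEN]; int id; };  /* name kept as received */
static struct ticket cache[MAX_TICKETS];
static size_t n_tickets;

/* Principle 2: fold a private copy to lower case; the input is untouched. */
static void fold(const char *in, char out[NAME_LEN]) {
    size_t i;
    for (i = 0; in[i] != '\0' && i < NAME_LEN - 1; i++)
        out[i] = (char)tolower((unsigned char)in[i]);
    out[i] = '\0';
}

/* Principle 1: store the service name exactly as the caller supplied it. */
int cache_store(const char *service, int id) {
    if (n_tickets == MAX_TICKETS || strlen(service) >= NAME_LEN) return -1;
    strcpy(cache[n_tickets].service, service);
    cache[n_tickets++].id = id;
    return 0;
}

/* Exact-case lookup: misses the ticket when only the case differs. */
int find_exact(const char *service) {
    for (size_t i = 0; i < n_tickets; i++)
        if (strcmp(cache[i].service, service) == 0) return cache[i].id;
    return -1;
}

/* Folds both the query and each stored name before comparing. */
int find_folded(const char *service) {
    char want[NAME_LEN], have[NAME_LEN];
    if (strlen(service) >= NAME_LEN) return -1;
    fold(service, want);
    for (size_t i = 0; i < n_tickets; i++) {
        fold(cache[i].service, have);
        if (strcmp(want, have) == 0) return cache[i].id;
    }
    return -1;
}
int main(void) {
    const char *q = "nfs.FILESERVER.EXAMPLE";         /* constructed sample */
    cache_store("nfs.fileserver.example", 7);
    printf("exact=%d folded=%d\n", find_exact(q), find_folded(q));
    return 0;
}
```

With folded lookup, two names that differ only in case resolve to the same ticket, so every component that consumes the name has to agree that they denote the same service.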