Is there a list of characters allowed to define a principal name and realm?

Ken Raeburn raeburn at MIT.EDU
Tue Jun 27 18:38:47 EDT 2006

On Jun 27, 2006, at 18:01, Julio Cesar Parra/Mexico/IBM wrote:
> Hola..
> I'm defining some documentation of this two terms (principal name and
> realm). And I'm wondering if there is any special characters  
> allowed to
> define a principal name and realm name ?

Oh, what a fun question, one we've had problems with before.

The first two answers I heard people here tossing around when your  
email came in were:
   "You don't want to know."
   "Z, 4, Q, Q, Q, and the batman symbol"

More seriously:

Some early implementations just used whatever byte values they were  
passed, making it implementation- and locale-dependent, resulting in  
interoperability issues.

For portability, I think the right answer is "if you use anything  
outside of US-ASCII minus control characters, you're likely to hurt  
yourself or your users", and RFC 4120's specifications and  
recommendations are based on that.  We intend to move to UTF-8 in the  
future, but the wire encoding will be different from the current one.

For domain-style realm names (AFAIK the only kind in widespread use  
currently), look up the specs on naming entries in the domain name  
system.  But steer away from internationalized names and IDN -- I  
suspect the eventual answer is going to be to use a UTF-8 encoding  
(again, in a newer spec) of the internationalized domain/realm name,  
not the IDN encoding.  I could be wrong.

> I know that the valid characters are case sensitive and include all
> alpha-numeric characters (a-z, A-Z, 0-9). but I need to know if  
> there are
> more special characters that need to be considered.

ASCII punctuation, space, etc.  They're uncommon (except for obvious  
ones like ".", "-", "_", and also "/" and "@" in normal printed  
form), but allowed.


More information about the Kerberos mailing list