@ character in username
Booker C. Bense
bbense at stanford.edu
Tue May 15 13:21:12 EDT 2007
On May 15, 2007, at 7:56 AM, Arati Desai wrote:
> Hi All,
>
> My user name contains '@' character as I need to host multiple
> domains on a single box.
> I have created a user's principal as username\@domain at REALM. First
> @' character is escaped with a '\' while creating principal and
> generating a ticket.
> But I am getting 'Invalid user' error when I try to login with this
> user while the kerb5 authentication succeeds for normal users. (I
> am using heimdal at the service's end for authentication, while the
> KDC is from MIT.)
>
> Is '@' character supported in user name? If so, is there any
> special precaution to be taken while using such user names?
In theory, yes it's supported if properly quoted. In practice, it's a
nightmare. My first kerberos job was making stuff like this work for
kerberos 4 MIT code at EPRI. We found lot's of bugs in the principal
handling code.
Kerberos code has changed a lot since 1993, but I suspect there are
still bugs lurking in dealing with these kinds of things. If there is
anything you can do to avoid using these kinds of principals I would
highly recommend doing so.
_ Booker C. Bense
More information about the Kerberos
mailing list