@ character in username

Ken Raeburn raeburn at MIT.EDU
Wed May 16 21:44:08 EDT 2007


On May 15, 2007, at 20:18, Booker C. Bense wrote:
>> I think the key words here are "the @ was always escaped". Just like
>> "lower case realms should not be a problem" and we both know how
>> well that one worked out.
>>
>> If it was me, I would think really hard about this and try and map
>> the guest accounts to things like
>>
>> user/foo.remote.com
>>
>> rather than
>>
>> user\@foo.remote.com
>>
>> Either way you're going to put a lot of work into wrapping and
>> dealing with the primcipal. There is some chance 3rd party software
>> will properly deal with the first and very little that it will get
>> the second right. If you can control every piece of software that
>> might touch the principal, you can probably get away with the do
>> the latter. We eventually had code that dealt with things like this
>
>
> "Dr. John Austin"@some.where.foo at EPRI.COM
>
> I've no idea whether Cygnus ever bothered to feed it back upstream or
> not.

Some Cygnus changes got back to MIT, some didn't, but there are  
copies of the Cygnus code and CVS repository around somewhere.  It  
looks like "kinit foo at bar@baz" doesn't work in the MIT code base  
without the "\".  Don't think I've seen any bug reports on this  
though...

Ken





More information about the Kerberos mailing list