Preliminary discussion: DB alias entries
Ken Raeburn
raeburn at MIT.EDU
Wed Mar 11 13:37:32 EDT 2009
On Mar 10, 2009, at 22:16, Greg Hudson wrote:
> For user principal aliases you do presumably want to canonicalize the
> name--but I am not aware of any use cases for user principal aliases
> other than case-folding.
Some possible ideas:
User name change (e.g., after marriage if the account name is based on
the surname, or when a college student heading out into the real world
decides maybe an obscene word wasn't a great choice of account name)
-- keeping alias info around may be handy for others looking up the
person under the old name, but it might be convenient if, should the
user enter the old name due to "finger macros" not yet retrained, the
name is mapped to the new one.
Map reusable UNIX user names to non-reusable unique principal names --
"jsmith" becomes "jsmith/92198478910", while "jsmith/1348539845" was
the "jsmith" who left three years ago but might still be in some ACL
or log file somewhere.
Map real names to user names -- "John Smith" and "J.Smith" become
"jsmith" or "jsmith/92198478910".
Common typos -- in a small, privately managed realm, perhaps "jsmith"
adds an alias "jsmiht" because he keeps typing it wrong when he's in a
hurry.
Some of these (including determining the correct case) could probably
be done externally too, e.g., through LDAP. I haven't particularly
thought about which way would be more appropriate for these possible
use cases.
Ken
More information about the krbdev
mailing list