Preliminary discussion: DB alias entries

Ken Raeburn raeburn at MIT.EDU
Wed Mar 11 13:37:32 EDT 2009

On Mar 10, 2009, at 22:16, Greg Hudson wrote:
> For user principal aliases you do presumably want to canonicalize the
> name--but I am not aware of any use cases for user principal aliases
> other than case-folding.

Some possible ideas:

User name change (e.g., after marriage if the account name is based on  
the surname, or when a college student heading out into the real world  
decides maybe an obscene word wasn't a great choice of account name)  
-- keeping alias info around may be handy for others looking up the  
person under the old name, but it might be convenient if, should the  
user enter the old name due to "finger macros" not yet retrained, the  
name is mapped to the new one.

Map reusable UNIX user names to non-reusable unique principal names --  
"jsmith" becomes "jsmith/92198478910", while "jsmith/1348539845" was  
the "jsmith" who left three years ago but might still be in some ACL  
or log file somewhere.

Map real names to user names -- "John Smith" and "J.Smith" become  
"jsmith" or "jsmith/92198478910".

Common typos -- in a small, privately managed realm, perhaps "jsmith"  
adds an alias "jsmiht" because he keeps typing it wrong when he's in a  

Some of these (including determining the correct case) could probably  
be done externally too, e.g., through LDAP.  I haven't particularly  
thought about which way would be more appropriate for these possible  
use cases.


More information about the krbdev mailing list