Is there a list of characters allowed to define a principal name and realm?
Ken Raeburn
raeburn at MIT.EDU
Tue Jun 27 18:38:47 EDT 2006
On Jun 27, 2006, at 18:01, Julio Cesar Parra/Mexico/IBM wrote:
> Hola..
>
> I'm defining some documentation of this two terms (principal name and
> realm). And I'm wondering if there is any special characters
> allowed to
> define a principal name and realm name ?
Oh, what a fun question, one we've had problems with before.
The first two answers I heard people here tossing around when your
email came in were:
"You don't want to know."
"Z, 4, Q, Q, Q, and the batman symbol"
More seriously:
Some early implementations just used whatever byte values they were
passed, making it implementation- and locale-dependent, resulting in
interoperability issues.
For portability, I think the right answer is "if you use anything
outside of US-ASCII minus control characters, you're likely to hurt
yourself or your users", and RFC 4120's specifications and
recommendations are based on that. We intend to move to UTF-8 in the
future, but the wire encoding will be different from the current one.
For domain-style realm names (AFAIK the only kind in widespread use
currently), look up the specs on naming entries in the domain name
system. But steer away from internationalized names and IDN -- I
suspect the eventual answer is going to be to use a UTF-8 encoding
(again, in a newer spec) of the internationalized domain/realm name,
not the IDN encoding. I could be wrong.
> I know that the valid characters are case sensitive and include all
> alpha-numeric characters (a-z, A-Z, 0-9). but I need to know if
> there are
> more special characters that need to be considered.
ASCII punctuation, space, etc. They're uncommon (except for obvious
ones like ".", "-", "_", and also "/" and "@" in normal printed
form), but allowed.
Ken
More information about the Kerberos
mailing list