I think a valid way to handle long names this would be to allow full Kerberos name after the AS keyword CREATE USER shortname IDENTIFIED WITH Kerberos AS "full@principal/NAME" If "AS" is omitted, then we can assume the Kerberos name is the same as shortname? Serg, would this work? Wlad
-----Original Message----- From: Sergei Golubchik [mailto:serg@mariadb.org] Sent: Freitag, 21. Juni 2013 10:39 To: QIU Shuang Cc: Vladislav Vaintroub; maria-developers@lists.launchpad.net Subject: Re: [Maria-developers] [GSoC] Kerberize MariaDB -- some unclear point about the project
Hi, QIU!
On Jun 21, QIU Shuang wrote:
Hi Wlad,
After thinking it over again, the maximum login name length in MariaDB, which is only 16 characters by default the same as in MySQL. I find this https://mariadb.atlassian.net/browse/MDEV-4332 in JIRA. Will the long username be well supported in subsequent releases?
As you can see, this MDEV-4332 is already marked as "Fixed", with the "Fix Version/s: 5.5.31".
So this is already supported in the 5.5.31 release.
But note that - see the task description - you need to change system tables manually to enjoy longer user names.
A valid GNU/Linux username is a 32 character string (see useradd(8) man page). And a valid Kerberos principal name length is in between 1 and 256 inclusively. (see
http://pic.dhe.ibm.com/infocenter/iseries/v6r1m0/index.jsp?topic=/cl/addkrbt k
t.htm, I didn't find an official document)
If we put a whole valid Kerberos principal name, I think it may cause problem someday for the unmatched name length.
Right. Currently (starting from 5.5.31) the code supports up to 512 bytes long usernames. But practically the limit is 80 characters, then we hit a max index length limit in MyISAM.
Regards, Sergei