maria-developers team mailing list archive

["Vladislav Vaintroub" <wlad@xxxxxxxxxxxxxxxx>]

I think a valid way to handle long names this would be to allow full
Kerberos name after the AS keyword

CREATE USER shortname IDENTIFIED WITH Kerberos AS "full@principal/NAME"

If "AS" is omitted, then we can assume the Kerberos name is the same as
shortname? 

Serg, would this work?

Wlad


> -----Original Message-----
> From: Sergei Golubchik [mailto:serg@xxxxxxxxxxx]
> Sent: Freitag, 21. Juni 2013 10:39
> To: QIU Shuang
> Cc: Vladislav Vaintroub; maria-developers@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Maria-developers] [GSoC] Kerberize MariaDB -- some unclear
> point about the project
> 
> Hi, QIU!
> 
> On Jun 21, QIU Shuang wrote:
> > Hi Wlad,
> >
> > After thinking it over again, the maximum login name length in
> > MariaDB, which is only 16 characters by default the same as in MySQL.
> > I find this https://mariadb.atlassian.net/browse/MDEV-4332 in JIRA.
> > Will the long username be well supported in subsequent releases?
> 
> As you can see, this MDEV-4332 is already marked as "Fixed", with the
> "Fix Version/s: 5.5.31".
> 
> So this is already supported in the 5.5.31 release.
> 
> But note that - see the task description - you need to change system
> tables manually to enjoy longer user names.
> 
> > A valid GNU/Linux username is a 32 character string (see useradd(8) man
> page).
> > And a valid Kerberos principal name length is in between 1 and 256
> inclusively. (see
>
http://pic.dhe.ibm.com/infocenter/iseries/v6r1m0/index.jsp?topic=/cl/addkrbt
k
> t.htm, I didn't find an official document)
> > If we put a whole valid Kerberos principal name, I think it may cause
> > problem someday for the unmatched name length.
> 
> Right. Currently (starting from 5.5.31) the code supports up to 512
> bytes long usernames. But practically the limit is 80 characters, then
> we hit a max index length limit in MyISAM.
> 
> Regards,
> Sergei