Change the default principal regex to allow two characters

Change the default allowed principal regex to allow two-character user
principals.  This is just a default and can be overridden by setting
the allowed key in the configuration.

diff --git a/NEWS b/NEWS
index 5bc10d2aede22101190627c9b6aebee52b5aa206..1a90997fb74ae0aeeee4511055a9644c958a4ba2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ kadmin-remctl 3.4 (unreleased)
     and use of service tickets for user principals is quite obscure and
     rare in Kerberos, this seems like a better default.
 
+    Change the default allowed principal regex to allow two-character user
+    principals.  This is just a default and can be overridden by setting
+    the allowed key in the configuration.
+
 kadmin-remctl 3.3 (2013-03-25)
 
     In the Heimdal version of kadmin-backend, retry the kadmin connection

diff --git a/kadmin-backend b/kadmin-backend
index 0d3c3c14d9bc59527658af7f0a0df50a96607f0a..3d5e3b3e4c1e8d8bfa6b6c639bfd6d7877883ba7 100755 (executable)
--- a/kadmin-backend
+++ b/kadmin-backend
@@ -179,7 +179,7 @@ sub check_instance {
 sub check_principal {
     my ($principal, $instance) = @_;
     check_instance ($instance);
-    my $regex = $CONFIG{$instance}{allowed} || '^[a-z][0-9a-z]{2,7}\z';
+    my $regex = $CONFIG{$instance}{allowed} || '^[a-z][0-9a-z]{1,7}\z';
     if ($principal !~ /$regex/ || $RESERVED{$principal}) {
         die "error: invalid principal: $principal\n";
     }
@@ -1372,7 +1372,7 @@ account instances (principals in the form I<principal>/I<instance>).
 
 All of these functions except for C<examine> and the C<instance> functions
 by default only accept principals with no instances or realms, and that
-consist of three to eight characters starting with a lowercase letter and
+consist of two to eight characters starting with a lowercase letter and
 containing only digits and lowercase letters.  This can be overridden in
 the configuration.  C<instance> functions require a principal that fits
 the same requirements and an instance that starts with a letter and

diff --git a/kadmin-backend-heim b/kadmin-backend-heim
index 237740e67d307d79eadfe8a300ffedeeb5d1cced..47670310481760bca7f84cbd564695888da4a2fc 100755 (executable)
--- a/kadmin-backend-heim
+++ b/kadmin-backend-heim
@@ -185,7 +185,7 @@ sub check_instance {
 sub check_principal {
     my ($principal, $instance) = @_;
     check_instance ($instance);
-    my $regex = $CONFIG{$instance}{allowed} || '^[a-z][0-9a-z]{2,7}\z';
+    my $regex = $CONFIG{$instance}{allowed} || '^[a-z][0-9a-z]{1,7}\z';
     if ($principal !~ /$regex/ || $RESERVED{$principal}) {
         die "error: invalid principal: $principal\n";
     }
@@ -1509,7 +1509,7 @@ account instances (principals in the form I<principal>/I<instance>).
 
 All of these functions except for C<examine> and the C<instance> functions
 by default only accept principals with no instances or realms, and that
-consist of three to eight characters starting with a lowercase letter and
+consist of two to eight characters starting with a lowercase letter and
 containing only digits and lowercase letters.  This can be overridden in
 the configuration.  C<instance> functions require a principal that fits
 the same requirements and an instance that starts with a letter and