SUMMARY Re: user logins greater than 8 characters

From: vispi@lgc.com
Date: Wed Mar 04 1992 - 21:54:09 CST


-------

Below is my original question.

==>
==>
==>
==>Hi
==>If a user login is greater than 8 characters, a machine running 4.1.1
==>will not allow the user to login.
==>rlogin and rsh don't work either. However su - username works.
==>
==>Is there some way to allow user names greater than 8 characters.
==>This is not an emergency, but it is important that I know the answer.
==>
==>Many thanks.
==>
==> -Vispi
==>
==>PS. I have been told that 4.0.3 would ignore anything after the first
==>8 characters, but login and rsh attempts would not result in failure.

-------

The common consensus is that one should not, and must not have login names
greater than 8 characters. However some suggest it is possible. Sun
support said that no matter what the login name is ( > 8 chars ), if I were
to enter the 8 chars, it would be accepted. I tried that and it didn't work.

I got several other informative email responses that I'll include below.
Thanks to:

"Ric Anderson" <ric@cs.arizona.edu>
macphed@dvinci.usask.ca (Ian MacPhedran)
albion@milo.cs.mcgill.ca (Christopher RABSON
Ian Daniel <Daniel@europarc.xerox.com>
Mike Raffety <miker@sbcoc.com>
Matt Crawford <matt@oddjob.uchicago.edu>
kfp@sibyl.saic.com (Keith F. Pilotti)
Ted Nolan <ted@usasoc.soc.mil>
Ray Brownrigg <Ray.Brownrigg@isor.vuw.ac.nz>
shipley@kizmiaz.tcs.com
imp@kolvir.solbourne.com (Warner Losh)
morakaba@ios.ma30.bull.com (Reza Morakabati)

        -Vispi Dumasia

--------RESPONSES---------------

Login has to write a utmp entry which is restricted to 8 bytes
for the user name. Sun's login stops storing characters from the
name once it reaches sizeof(ut_name). Then it calls getpwnam()
with that string which then doesn't match the /etc/passwd file.

This can lead to wrong logins, if one has two users
        longname
and
        longnameother
for example, since login will match "longname" in either case.

su doesn't impose this restriction, since it doesn't have to deal
with utmp.

In general, there are a log of programs that blindly copy the
username knowing it can't exceed sizeof(ut_name), and they
will core dump (or do worse things) with long names.

Moral of story: Restrict you user names to 8 or less characters.
Just my 2 cents,
Ric (<ric@cs.arizona.edu> "Ric Anderson")

---

>Hi >If a user login is greater than 8 characters, a machine running 4.1.1 >will not allow the user to login. >rlogin and rsh don't work either. However su - username works.

rsh will work - as long as you're not using it as an interactive shell (i.e. using it as rlogin). Try something like:

% rsh -l nineleter host1 echo Hi there

(Assuming nineleter's .rhosts will allow you permission.)

>Is there some way to allow user names greater than 8 characters. >This is not an emergency, but it is important that I know the answer.

I believe the only thing required would be to rewrite login to accept usernames longer than 8 characters. However, there could be a multitude of other things which may go wrong, seeing that some software might be written to not allow more than 8 characters (plus trailing null) for a username.

Ian. Ian MacPhedran, Engineering Computer Centre, University of Saskatchewan. 2B13 Engineering Building, U. of S. Campus, Saskatoon, Sask., CANADA S7N 0W0 macphed@dvinci.USask.CA macphedran@sask.USask.CA

---

Hello,

I imagine that you might get a lot of E-mail about this... Certainly passwd(5) [SunOS 4.1.1] clearly says

" DESCRIPTION " The passwd file contains basic information about each user's " account. This file contains a one-line entry for each " authorized user, of the form: " " username:password:uid:gid:gcos-field:home-dir:login-shell " " where " " username is the user's login name. This field con- " tains no uppercase characters, and must not " be more than eight characters in length.

"Must not be more than eight characters in length" sounds fairly final to me, although I do not know _why_ this should be so. If you have access to source, it should be possible to modify things to work with more than eight-character login names, but there are no doubt a few things that would "break"...

_______________________________________________________________________________ Christopher Rabson McGill University Systems {Administrator, Programmer} School of Computer Science E-mail: albion@cs.mcgill.ca Montreal, Quebec, CANADA

---

Create a username of 8 chars and give it the same uid / gid etc as the one with more than 8 chars. Then disable (put a * in the password field) the "long" username, after copying the password field to the "shorter" username......does that make sense??? I think it does....sort of..?

Ian

eg:

alongnam:pNfrPZjm3DRkI:100:100:A Longname:/home/alongname:/usr/bin/csh

alongname:*:100:100:A Longname:/home/alongname:/usr/bin/csh

---

Login names should be no more than eight characters long; anything that happens to accept more than eight is only using the first eight.

You need to change any existing logins longer than eight characters to only eight (or less).

This is a standard Unix feature ...

Please be sure to summarize back to the list; thanks.

---

No.

If you had full source to the system and recompiled absolutely EVERYTHING, then MAYBE you could make it work. Unix usernames have been 8 characters for so long, though, that I bet you'd still run into problems. ________________________________________________________ Matt Crawford Astronomy & Astrophysics U of Chicago

---

You might get away with making two entries per user in the passwd file, the first being the "official" login, and the second being the longer-than-8 login. Many authentication protocols actually scan the passwd file for UID and then match the first corresponding login name (similar to the official hostname in /etc/hosts). However, this behaviour, if it works, is probably not consistant and causes other problems with later validations (permission to su root, for example).

The short of it is (no pun intended) you might as well just figure out how to shorten longer names to 8 characters. I know this is not always the desirable thing, but unless you have OS source...

Good luck! +Keith

-- O Keith F. Pilotti --O | Science Applications International Corporation (619)552-3900 (Voice) | | 10240 Sorrento Valley Rd, San Diego, CA 92121 (619)552-3157 (FAX) | | | | Pilotti@Sibyl.SAIC.COM SAIT Center for Mobile Computing Technology | O----------------------------------------------------------------------------O

---

I'm afraid the number 8 is pretty well built in to Unix as the limit for login names..

Ted Nolan ted@usasoc.soc.mil

---

I think you will find that the user can log on if only the first 8 characters are used.

Hope this helps Ray Brownrigg ray@isor.vuw.ac.nz

---

Nope... (Unix has never had greater than 8 characters user logins)

---

: If a user login is greater than 8 characters, a machine running 4.1.1 : will not allow the user to login.

That is correct.

: rlogin and rsh don't work either. However su - username works.

For 4.1 that is also correct.

: Is there some way to allow user names greater than 8 characters.

Not in general. 8 characters is a very hard wired constant in zillions of places around the system. I don't think the kernel cares, just the various utilities like talk, login, finger that read/write the /etc/utmp file. I think that the getpwent, et al family of calls is safe because su works.

in 4.0.3 you can rlogin to user foobarbazbang if you are user foobarbazbang on the remote machine. I know that login does ignore past the 8th character, but it also does a strcmp with the full length. So you type in foobarbazbang and it tryies to find a user named foofarba and fails....

I hope this helps, even if it is bad news.

Warner

---

I also faced the same problem some time ago not only on our sparcstation but also on my PC running PC-NFS. I have a feeling that this has to do with the applications (such as telnet) not being able to read past the eight character rather than a deficiency in the operating system. Would you please let me know about the outcome of your posting.

- Reza

------------------------------------------------------------------------------- Reza Morakabati Bull HN Information Systems Inc. (508) 294-3098 300 Concord Road MS 826A R.Morakabati@bull.com Billerica, MA 01821 -------------------------------------------------------------------------------

-------END RESPONSES------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:37 CDT