Kerberized telnetd: -a valid option & eight char limit on account names

hwntw hwntw at hotmail.com
Tue Oct 26 05:44:49 EDT 2004


hwntw at hotmail.com (hwntw) wrote in message news:<f6fd68d9.0410250503.6281076e at posting.google.com>...
> hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tslacue7i4k.fsf at cz.mit.edu>...
> > Actually, as I recall, MIT's telnetd will call MIT's login.krb5.
> > There do seem to be several username size limits in that program, all
> > based on UT_NAMESIZE.
> > 
> > Looking at Solaris, I think that will get set to 8.
> > 
> > I suspect that we don't handle the case where utmpx has a longer name
> > size than utmp very well.
> > 
> > I'm not sure what the fix is off the top of my head; forcing
> > UT_NAMESIZE to 32 might just work, but you would need to check and
> > make sure it didn't create a buffer overflow.
> > 
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> TVM,
> Is this it?
> 
> login.c:#define UT_NAMESIZE     sizeof(((struct utmp *)0)->ut_name)
> 
> What would a changed definition look like?
> Colin


To answer my own question- yes it is. I set UT_NAMESIZE to 32 in
login.c and krlogind.c and recompiled. It works. Big up to Sam
Hartman.
TVM
Colin


More information about the Kerberos mailing list