Solaris 10 sshd + GSSAPI - usernames limited to 8 or 9 chars?

Sam Hartman hartmans at MIT.EDU
Tue Feb 27 17:47:54 EST 2007


>>>>> "Edward" == Edward Irvine at home <eirvine at tpg.com.au> writes:

    Edward> Hi,
    Edward> We are using the stock solaris 10 sshd daemon and a W2K3 KDC.

    Edward> Everything works fine except for one of our users who has a ten
    Edward> character username. The user with a long username fails to login from
    Edward> a number of clients, such as another solaris 10 computer, and a
    Edward> SecureCRT terminal emulator on windows.

    Edward> When we switch sshd from stock solaris to an OpenSSH version that I've compiled and linked with MIT-Kerberos 1.5, the client can log in.

    Edward> Has anyone seen anything like this? If anyone is interested I can post output from debug sessions.


Sounds like solaris is limiting the length of usernames in
krb5_kuserok (called internally from their gssapi library).  That's
fixed in MIT Kerberos 1.5.




More information about the Kerberos mailing list