Solaris 10 sshd + GSSAPI - usernames limited to 8 or 9 chars?
Sam Hartman
hartmans at MIT.EDU
Tue Feb 27 17:47:54 EST 2007
>>>>> "Edward" == Edward Irvine at home <eirvine at tpg.com.au> writes:
Edward> Hi,
Edward> We are using the stock solaris 10 sshd daemon and a W2K3 KDC.
Edward> Everything works fine except for one of our users who has a ten
Edward> character username. The user with a long username fails to login from
Edward> a number of clients, such as another solaris 10 computer, and a
Edward> SecureCRT terminal emulator on windows.
Edward> When we switch sshd from stock solaris to an OpenSSH version that I've compiled and linked with MIT-Kerberos 1.5, the client can log in.
Edward> Has anyone seen anything like this? If anyone is interested I can post output from debug sessions.
Sounds like solaris is limiting the length of usernames in
krb5_kuserok (called internally from their gssapi library). That's
fixed in MIT Kerberos 1.5.
More information about the Kerberos
mailing list