SSO from Windows to Solaris using Kerberos: A How-To
Will Fiveash
William.Fiveash at sun.com
Wed Sep 19 15:32:24 EDT 2007
On Wed, Sep 19, 2007 at 10:55:51AM -0500, Douglas E. Engert wrote:
>
>
> Will Fiveash wrote:
> > On Sun, Sep 02, 2007 at 07:21:52PM +1000, Edward Irvine wrote:
> >> Hi Folks,
> >>
> >> I eventually gave up trying to coax the default sshd on Solaris 10 to
> >> play nice with GSSAPI - the show-stopper was that it failed with
> >> usernames > 8 characters.
> >
> > I use Solaris 10 ssh/sshd doing GSS-API auth via the Kerberos GSS mech
> > all the time. What you may be running into is that Solaris has a
> > limitation that Unix usernames be no more than 8 characters (see man
> > passwd.4). This is not a limitation of Solaris sshd.
> >
>
> Me too.
>
> We have many users that have names > 8. None of them login at a console
> bit I have a test account with an 11 character user name. I even tried
> it with dtlogin, and it works.
>
> Are you sure that is a restriction?
> Is it just an out-dated man page?
> Is this a restriction of the local /etc/passwrd file?
It's a restriction of /etc/passwd which is why I made the man passwd.4
reference. So depending on the /etc/pam.conf config this could have
been the problem for the originator of this thread.
> The 11 char test account was in NIS, and is now in LDAP.
I'm don't know the specifics of those other account authorities but I
can believe they don't have an 8 char limit like /etc/passwd. I'm also
sure that limitation exists in Solaris for backwards compat/stability
reasons.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the Kerberos
mailing list