SSO from Windows to Solaris using Kerberos: A How-To

Will Fiveash William.Fiveash at sun.com
Wed Sep 19 15:32:24 EDT 2007


On Wed, Sep 19, 2007 at 10:55:51AM -0500, Douglas E. Engert wrote:
> 
> 
> Will Fiveash wrote:
> > On Sun, Sep 02, 2007 at 07:21:52PM +1000, Edward Irvine wrote:
> >> Hi Folks,
> >>
> >> I eventually gave up trying to coax the default sshd on Solaris 10 to  
> >> play nice with GSSAPI - the show-stopper was that it failed with  
> >> usernames > 8 characters.
> > 
> > I use Solaris 10 ssh/sshd doing GSS-API auth via the Kerberos GSS mech
> > all the time.  What you may be running into is that Solaris has a
> > limitation that Unix usernames be no more than 8 characters (see man
> > passwd.4).  This is not a limitation of Solaris sshd.
> > 
> 
> Me too.
> 
> We have many users that have names > 8. None of them login at a console
> bit I have a test account with an 11 character user name. I even tried
> it with dtlogin, and it works.
> 
> Are you sure that is a restriction?
> Is it just an out-dated man page?
> Is this a restriction of the local /etc/passwrd file?

It's a restriction of /etc/passwd which is why I made the man passwd.4
reference.  So depending on the /etc/pam.conf config this could have
been the problem for the originator of this thread.

> The 11 char test account was in NIS, and is now in LDAP.

I'm don't know the specifics of those other account authorities but I
can believe they don't have an 8 char limit like /etc/passwd.  I'm also
sure that limitation exists in Solaris for backwards compat/stability
reasons.

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)



More information about the Kerberos mailing list